How to protect python code ?
markscottwright at hotmail.com
Tue Apr 8 02:37:07 CEST 2003
Dave Brueck wrote:
> On Mon, 7 Apr 2003, msw wrote:
>>Jp Calderone wrote:
>>>On Thu, Apr 03, 2003 at 09:35:49AM +0200, christophe grimault wrote:
>>>>Before trying my own solutions, I wonder if someone already has a solution
>>>>to this. We have been programming a quite large application in python and
>>>>it contains many original algorithm and other things. The application will
>>>>be sent to customers in a few month and since it is a commercial app, we
>>>>need some protection against copy (illegal copies) and we need to make
>>>>sure that critical parts of the code cannot be viewed and studied.
>>I'm really interested in this as well, and I think that it's an
>>important issue for python. Unfortunately, as I'm sure you've
>>discovered by now, it's a question that comp.lang.python is
>>constitionally incapable of answering. The only answers you will get in
>>this group are:
>>1. intellectual property law is sufficient
>>2. no protection scheme is perfect
> Not true - check the archives. In the past people, including myself, have
> posted the general steps to do to "protect" the code. It's not worth the
> effort in most cases, IMO, but answers *have* been given.
If so, I was unable to find it, and I think this thread proves my point.
I count half a dozen responses to my post, not one of which provided
any detail into protecting source code. However, they all go into great
detail, at varying levels of insult, about how I shouldn't be asking the
question in the first place. I have consulted the archives and the
signal/noise ratio is similar. No offense, but this post is a case in
point (although more respectful than most) - a few vague sentences about
how to accomplish this followed by several paragraphs implying that I
don't understand the product requirements.
The software I write falls under the category of those that need to have
the source code hidden from customers - for many reasons, not least of
which is "because the marketing department says so". Our customers are
unlikely to go after "movl $0x0007, %ax" with a hex editor, but are
almost certain to mess with code that looks like "licenseCount = 5".
My frustration with this question is that it seems to offend the c.l.p.
readership to such a degress that they collectively decide to drown out
any meaningful discussion on the matter.
>>I think it ought to be relatively easy to distribute a hacked version of
>>the python interpreter with your application that substitutes the
>>standard "import" code with code that first looks for .pys files (or,
>>what the hell, .tcl - let's not make this any easier) that are
>>des-encrypted .py files.
> It *is* relatively easy to do this - there are various ways to overload
> imports, import from libraries, add new extensions and import handlers,
> and you don't need a "hacked" interpreter - the simplest example of
> running Python from C code will do.
That was what I was suggesting - distributing myapp.exe along with
python.dll, where myapp.exe installed a different __import__ that looked
for files with a particular extention that were scrambled or encrypted.
Which then raises the question of how I determine dependencies for
More information about the Python-list