Protecting Source Code

Andy Robinson andy at reportlab.com
Fri May 9 18:32:28 EDT 2003 

On Fri, 9 May 2003 14:28:38 +1000, "Cameron Zemek"
<grom_3 at optusnet.com.au> wrote:

>How can I protect my python source code for a commerical application?
>
Ship .pyc files, have some code which restricts the software in
the absence of a file 'myapp_license.py' (which might contain
things to be checksummed and thus is tamper proof), and don't worry.

I urge you to think of economics and not technicalities.  In many
cases you want to maximize your revenue, not to expend excessive
effort trying to achieve 'zero piracy'

If you are shipping shareware, or indeed anything where they can
download evluation copies,  and want to maximiuze the number of
people paying you, then there are indications that adding some
very basic restrictions (e.g. pyc files only and some restriction
until a license arrives) can boost payments by a factor of 5
compared to no protection at all.    

If it is something of wide consumer interest and gets really
popular, then people will crack it, burn CDs and sell it all
over the world in dodgy little kiosks.  But if you aren't lucky enough
to be selling a recognized app that big, it's unlikely.

If selling to a corporate market, they will definitey buy one
license, but the risk is of 'creep' in the number of copies installed.
Many firms, including IBM, have distributed license manager
systems, to make it easy to track and audit the installations
and thus making it "easy to pay the right amount". 

If selling per server CPU, there is obvious utility (and probably
a large check) in having the app warn them or stp when they put a
1-server copy on an 8-CPU box.  The sysadmins don't care,
they just need to be prompted.

There's way more money in focusing on human factors
to get from, say, 60% to 80% paid use of your software,
than in really advanced technical ones to reduce the
number of people in the world likelye to crack it from, say, 100 down
to 1.  Spend those man hours on friendly mechanisms to
link to your payment site, followups to ask people how
evaluations are going, or friendly visits to corporate
customers which include an audit.

Andy Robinson
ReportLab inc

More information about the Python-list mailing list