Python obfuscation

Yu-Xi Lim yuxi at ece.gatech.edu
Sat Nov 12 09:30:07 CET 2005


Alex Martelli wrote:
> There is no effective manner of protecting your code, except running it
> only on well-secured machines you control yourself.  If you distribute
> your code, in ANY form, and it's at all interesting to people with no
> interest in respecting the law, then, it WILL be cracked (and if users
> choose to respect the law, then you need no "protecting").

Indeed. An this extends to web services too. If you have input which can 
be observed (or even better, controlled) and output that can be observed 
too, one would be able to infer the workings of the code (reverse 
engineering in one of its purest forms).

If your business strategy relies heavily on a proprietary algorithm or 
even something as weak as lock-in via a proprietary "un-interoperable" 
data format, then web services is not the final answer. It may work for 
certain applications (Microsoft's for example) where the cost of reverse 
engineering is equivalent to the cost of building from scratch.



More information about the Python-list mailing list