How to protect Python source from modification

Michael Ekstrand mekstran at scl.ameslab.gov
Mon Sep 12 21:40:28 CEST 2005


On Sep 12, 2005, at 11:26 AM, Frank Millman wrote:
> If I move all the authentication and business logic to a program which
> runs on the server, it is up to the system administrator to ensure that
> only authorised people have read/write/execute privileges on that
> program. Clients will have no privileges, not even execute. They will
> have their own client program, which has to connect to my server
> program, and communicate with it in predefined ways. I *think* that in
> this way I can ensure that they cannot do anything outside the bounds
> of what I allow them.

I think you have no choice but to do this. Even if you package up the 
program in an unmodifiable form, a competent user with a packet sniffer 
or even standard OS utilities can determine where you are connecting 
and bypass your security/logic. Only if the logic is implemented at a 
point beyond the user's reach can you be ensured of logic integrity.

-Michael




More information about the Python-list mailing list