How to protect Python source from modification

Robert Kern rkern at ucsd.edu
Tue Sep 13 08:20:15 CEST 2005


Frank Millman wrote:
> Steven D'Aprano wrote:
> 
>>On Mon, 12 Sep 2005 08:33:10 -0700, Frank Millman wrote:
>>
>>>My problem is that, if someone has access to the network and to a
>>>Python interpreter, they can get hold of a copy of my program and use
>>>it to knock up their own client program that makes a connection to the
>>>database. They can then execute any arbitrary SQL command.
>>
>>Why is that your problem, instead of the company's problem? It is their
>>database server, yes? If they want to connect to it and execute arbitrary
>>SQL commands on their own database, (1) who are you to tell them they
>>can't? and (2) they hardly need your program to do it.
>>
>>--
>>Steven
> 
> If they choose to give the userid and password to an individual, they
> are obviously giving him permission to execute any command.
> 
> On the other hand, they can reasonably expect to set up users without
> giving them direct access to the database, in which case I think they
> would be upset if the users found this restriction easy to bypass.

Certainly, but that access control *shouldn't happen in the client*
whether the source is visible or not.

-- 
Robert Kern
rkern at ucsd.edu

"In the fields of hell where the grass grows high
 Are the graves of dreams allowed to die."
  -- Richard Harter




More information about the Python-list mailing list