How to protect Python source from modification

Frank Millman frank at chagford.com
Mon Sep 12 18:46:17 CEST 2005


bruno modulix wrote:
> Frank Millman wrote:
> > Hi all
> >
> > I am writing a multi-user accounting/business system. Data is stored in
> > a database (PostgreSQL on Linux, SQL Server on Windows). I have written
> > a Python program to run on the client, which uses wxPython as a GUI,
> > and connects to the database via TCP/IP.
> >
> > The client program contains all the authentication and business logic.
> > It has dawned on me that anyone can bypass this by modifying the
> > program.
>
> If your program relies on an RDBMS, then it's the RDBMS's job to enforce
> security rules.
>

Two possible responses to this -

1. You are right (90% probability)

2. I have certain requirements which cannot easily be expressed in the
RDBMS, so it is easier to use the application to enforce certain rules
(10% probability)

Unfortunately I am stuck with number 2 at present.

> > As it is written in Python, with source available, this would
> > be quite easy.
>
> Then there's probably something wrong with the way you manage security.
>

Probably - I am learning the hard way <g>

> NB: splitting business logic from the GUI is still a good idea anyway.
>

I do have it fairly well split, but it all ends up being processed on
the client, which I think is the root of my problem.

> --
> bruno desthuilliers - unpythonic sig:
> python -c "print '@'.join(['.'.join([w[::-1] for w in p.split('.')]) for
> p in 'onurb at xiludom.gro'.split('@')])"

Thanks

Frank
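
The point argued in this thread, as an added example that is not part of the original messages: a rule checked only in the client disappears when the client's source is edited, while the same rule held in the database still rejects the write. It assumes sqlite3 as a stand-in for the PostgreSQL / SQL Server backend; the tables, the two rules and the function names are constructed for illustration.

```python
import sqlite3
# Constructed schema; sqlite3 stands in for the server database (assumption).
SCHEMA = """
CREATE TABLE period (id INTEGER PRIMARY KEY, closed INTEGER NOT NULL DEFAULT 0);
CREATE TABLE ledger (id INTEGER PRIMARY KEY,
    period_id INTEGER NOT NULL REFERENCES period(id),
    amount_cents INTEGER NOT NULL CHECK (amount_cents <> 0));
-- Rule 1: no postings into a closed period.
CREATE TRIGGER ledger_closed_period BEFORE INSERT ON ledger
WHEN (SELECT closed FROM period WHERE id = NEW.period_id) = 1
BEGIN SELECT RAISE(ABORT, 'period is closed'); END;
-- Rule 2: posted entries are immutable.
CREATE TRIGGER ledger_no_update BEFORE UPDATE ON ledger
BEGIN SELECT RAISE(ABORT, 'ledger entries are immutable'); END;
CREATE TRIGGER ledger_no_delete BEFORE DELETE ON ledger
BEGIN SELECT RAISE(ABORT, 'ledger entries are immutable'); END;
"""

def open_db():
    """Build the constructed sample database: period 1 closed, period 2 open."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO period (id, closed) VALUES (?, ?)", [(1, 1), (2, 0)])
    db.commit()
    return db

def post_entry(db, period_id, amount_cents, client_checks=True):
    """Post one entry; client_checks=False models a client whose own checks were edited out."""
    if client_checks:
        row = db.execute("SELECT closed FROM period WHERE id = ?", (period_id,)).fetchone()
        if row is None or row[0]:
            return "rejected by client"
    try:
        with db:  # commit on success, roll back on error
            db.execute("INSERT INTO ledger (period_id, amount_cents) VALUES (?, ?)",
                       (period_id, amount_cents))
        return "posted"
    except sqlite3.DatabaseError as exc:
        return f"rejected by database: {exc}"

def try_rewrite(db, entry_id, amount_cents):
    """A client that tries to alter an entry that has already been posted."""
    try:
        with db:
            db.execute("UPDATE ledger SET amount_cents = ? WHERE id = ?", (amount_cents, entry_id))
        return "updated"
    except sqlite3.DatabaseError as exc:
        return f"rejected by database: {exc}"
```

On a server database the client's login role must also lack the rights to alter or drop these triggers, otherwise the rule is only as strong as the client again.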



