How to protect Python source from modification

Bruno Desthuilliers bdesth.quelquechose at free.quelquepart.fr
Mon Sep 12 23:39:45 CEST 2005


Frank Millman a écrit :
> bruno modulix wrote:
> 
>>Frank Millman wrote:
>>
>>>Hi all
>>>
>>>I am writing a multi-user accounting/business system. Data is stored in
>>>a database (PostgreSQL on Linux, SQL Server on Windows). I have written
>>>a Python program to run on the client, which uses wxPython as a gui,
>>>and connects to the database via TCP/IP.
>>>
>>>The client program contains all the authentication and business logic.
>>>It has dawned on me that anyone can bypass this by modifying the
>>>program.
>>
>>If your program relies on a RDBMS, then it's the RDBMS job to enforce
>>security rules.
>>
> 
> Two possible responses to this -
> 
> 1. You are right (90% probability)
> 
> 2. I have certain requirements which can not easily be expressed in the
> RDBMS, so it is easier to use the application to enforce certain rules
> (10% probability)

easier, but with a somewhat annoying side-effect... Do you really mean 
"easier", or do you think "impossible" ?

> Unfortunately I am stuck with number 2 at present.

:-/

>>>As it is written in Python, with source available, this would
>>>be quite easy.
>>
>>Then there's probably something wrong with the way you manage security.
>> 
> 
> Probably - I am learning the hard way <g>

As most of us do :-/

Having jumped directly from 2-tiers fat client apps to web apps, I 
really have no experience with adding a third tiers to a fat client app, 
but AFAICT, Python seems to have a lot to offer here.

BTW, sorry if my answer seemed a bit rude, I didn't mean to be that critic.



More information about the Python-list mailing list