How to protect Python source from modification

Gerhard Häring gh at ghaering.de
Mon Sep 12 16:11:26 CEST 2005


Frank Millman wrote:
> Hi all
> 
> I am writing a multi-user accounting/business system. Data is stored in
> a database (PostgreSQL on Linux, SQL Server on Windows). I have written
> a Python program to run on the client, which uses wxPython as a gui,
> and connects to the database via TCP/IP.
> 
> The client program contains all the authentication and business logic.
> It has dawned on me that anyone can bypass this by modifying the
> program. As it is written in Python, with source available, this would
> be quite easy. My target market extends well up into the mid-range, but
> I do not think that any CFO would contemplate using a program that is
> so open to manipulation. [...]

My suggestion is to use py2exe or cx_Freeze to package your application. 
It's then not as trivial to modify it. Btw. you don't need to ship the 
.py source code files, it's enough to ship only .pyc bytecode files.

Using py2exe it's not even obvious that your application is written in 
Python at all.

It's not a silver bullet, but at least it makes recompiling/modifiying 
your app not easier than with Java (and/or .NET I suppose).

That being said, even if you continue with the GUI approach, it may 
still be a good idea to factor out all the business logic in a separate 
module so you can eventually switch to a web application or a three-tier 
model without too much effort.

Also, there's no need at all to put in countless hours implementing your 
own network protocol. If you really want to separate client and app 
server, then why not use something simple as PyRO, or even XML/RPC.

HTH,

-- Gerhard




More information about the Python-list mailing list