How to protect Python source from modification
gh at ghaering.de
Mon Sep 12 16:11:26 CEST 2005
Frank Millman wrote:
> Hi all
> I am writing a multi-user accounting/business system. Data is stored in
> a database (PostgreSQL on Linux, SQL Server on Windows). I have written
> a Python program to run on the client, which uses wxPython as a gui,
> and connects to the database via TCP/IP.
> The client program contains all the authentication and business logic.
> It has dawned on me that anyone can bypass this by modifying the
> program. As it is written in Python, with source available, this would
> be quite easy. My target market extends well up into the mid-range, but
> I do not think that any CFO would contemplate using a program that is
> so open to manipulation. [...]
My suggestion is to use py2exe or cx_Freeze to package your application.
It's then not as trivial to modify it. Btw. you don't need to ship the
.py source code files, it's enough to ship only .pyc bytecode files.
Using py2exe it's not even obvious that your application is written in
Python at all.
It's not a silver bullet, but at least it makes recompiling/modifiying
your app not easier than with Java (and/or .NET I suppose).
That being said, even if you continue with the GUI approach, it may
still be a good idea to factor out all the business logic in a separate
module so you can eventually switch to a web application or a three-tier
model without too much effort.
Also, there's no need at all to put in countless hours implementing your
own network protocol. If you really want to separate client and app
server, then why not use something simple as PyRO, or even XML/RPC.
More information about the Python-list