Technical Answer - Protecting code in python

Carsten Haese carsten at uniqsys.com
Wed Mar 21 15:23:13 CET 2007


On Wed, 2007-03-21 at 06:36 -0700, flit wrote:
> Hello All,
> 
> I have a hard question, every time I look for this answer its get out
> from the technical domain and goes on in the moral/social domain.
> First, I live in third world with bad gov., bad education, bad police
> and a lot of taxes and bills to pay, and yes I live in a democratic
> "state" (corrupt, but democratic).
> So please, don't try to convince me about the social / economical /
> open source / give to all / be open / all people are honest until
> prove contrary / dance with the rabbits...
> Remember I need to pay bills and security.

Developing open-source code and getting paid are not necessarily
mutually exclusive, but I digress...

> Now the technical question:
> 
> 1 - There is a way to make some program in python and protects it? I
> am not talking about ultra hard-core protection, just a simple one
> that will stop 90% script kiddies.

Not providing .py files and instead only providing .pyc files is
perfectly viable, really easy to do, and provides adequate protection
against casual/accidental code inspection.

A sufficiently determined person will be able to retrieve the source
code, but that is also true for any other imaginable protection scheme.
In order for the user's computer to execute your code, you have to give
the user's computer your code. Once that happens it's only a question of
how determined you are to obfuscate the code and how determined they are
to break your obfuscation.

> 2 - If I put the code in web like a web service, how can I protect my
> code from being ripped? There is a way to avoid someone using my site
> and ripping the .py files?

Providing the code as a service instead means that you don't have to
give the user your code, since the code runs on your hardware. As long
as the server is properly configured, it will never serve the source
code. You would still have to worry about malicious users trying to gain
unauthorized root access to your server, and then they can do whatever
they want, including looking at your super secret and super valuable
code.

It all comes back down to the question of how determined you are to
protect your code and how determined your users are to break into it. 

-Carsten





More information about the Python-list mailing list