Pyarmor, guard your python scripts

Ben Finney ben+python at benfinney.id.au
Tue Sep 15 11:36:21 CEST 2015


Jondy Zhao <jondy.zhao at gmail.com> writes:

> Pyarmor is a simple to use tool which is capable of importing or
> running encrypted Python script files. Moreover, it can apply encoding
> algorithms to your Python scripts, in order to help you protect them
> before you can distribute them. You may also generate license files
> with custom validity conditions.

Protect them from whom? What is the threat model against which Pyarmor
is claimed to protect? Who is the attacker, who is being protected?

> The program allows you to encrypt files, but to also open and run them
> as if no protection was applied. Moreover, it can run or import
> encrypted Python scripts in any target machine, only in specified
> machines or before a specified date. This aspect can be controlled by
> the creation of the license files: bound to a hard disk serial number
> or by an expiration date.

So a Python file encrypted this way will be arbitrarily restricted in
how it can be inspected for debugging, performance monitoring, and
testing?

This seems to explicitly treat the user of the Python software as a
hostile attacker. That is not a friendly or respectful position, and I
hope I misunderstand Pyarmor's operation.

-- 
 \       “Any fool can write code that a computer can understand. Good |
  `\       programmers write code that humans can understand.” —Martin |
_o__)                                      Fowler, _Refactoring_, 2000 |
Ben Finney



More information about the Python-list mailing list