[Q] how to protect python program from decompilation

Grant Griffin not.this at seebelow.org
Mon Feb 19 22:52:53 EST 2001 

Tim Peters wrote:
> 
> [Leonid Gluhovsky]
> > The company I work for has a program written in Python, and wants to
> > ship it to customers in such a way that even if the customers are Python
> > gurus they will not be able to decompile Python bytecode and arrive at
> > readable source.
> >
> > Is it possible?
> 
> Not a chance, but that's got little to do with Python.  If you let me run
> any code whatsoever on my box, I can get a trace of the CPU instructions
> executed, and that suffices for reasonable reconstruction of the executed
> paths in the source code given enough effort.

That last part is the key: "given enough effort".  From a strictly
economic point of view, you want to make them spend more money
decompiling it than they would spend writing it themselves from
scratch.  But bored teenagers aside (who defy all economic theory), this
is virtually always the case: the economic value of most software
doesn't derive from any special "trade secrets" it embodies; it's
usually pretty easy to figure out basically how it works (Perl's parser
notwithstanding <wink>).  Instead, the economic value of most software
derives just from the "hard work" it took to create the (finished)
software package--including not just "design and coding" but also (and
perhaps more significantly) things like testing, documentation,
packaging, and marketing.

Although there isn't much actual "security" in any sort of compilation
process, I think it _is_ highly successful in "keeping honest people
honest".  In this case, the Python-to-exe converters probably have that
effect.  In any event, unless one has created a software gizmo whose
algorithms are so profoundly new and amazing that nobody can possibly
figure out how it basically works just by seeing it in action, there's
not much point in worrying about the limitations of any sort of
compilation-based "security".

open-source-software-carries-this-to-its-logical-conclusion-ly y'rs,

=g2
-- 
_____________________________________________________________________

Grant R. Griffin                                       g2 at dspguru.com
Publisher of dspGuru                           http://www.dspguru.com
Iowegian International Corporation            http://www.iowegian.com

More information about the Python-list mailing list