How to protect python code ?

Mon Apr 7 20:37:07 EDT 2003

Dave Brueck wrote:
> On Mon, 7 Apr 2003, msw wrote:
> 
> 
>>Jp Calderone wrote:
>>
>>>On Thu, Apr 03, 2003 at 09:35:49AM +0200, christophe grimault wrote:
>>>
>>>>Before trying my own solutions, I wonder if someone already has a solution
>>>>to this. We have been programming a quite large application in python and
>>>>it contains many original algorithm and other things. The application will
>>>>be sent to customers in a few month and since it is a commercial app, we
>>>>need some protection against copy (illegal copies) and we need to make
>>>>sure that critical parts of the code cannot be viewed and studied.
>>>>
>>
>>I'm really interested in this as well, and I think that it's an
>>important issue for python.  Unfortunately, as I'm sure you've
>>discovered by now, it's a question that comp.lang.python is
>>constitionally incapable of answering.  The only answers you will get in
>>this group are:
>>
>>1. intellectual property law is sufficient
>>2. no protection scheme is perfect
> 
> 
> Not true - check the archives. In the past people, including myself, have
> posted the general steps to do to "protect" the code. It's not worth the
> effort in most cases, IMO, but answers *have* been given.

If so, I was unable to find it, and I think this thread proves my point. 
  I count half a dozen responses to my post, not one of which provided 
any detail into protecting source code.  However, they all go into great 
detail, at varying levels of insult, about how I shouldn't be asking the 
question in the first place.  I have consulted the archives and the 
signal/noise ratio is similar.  No offense, but this post is a case in 
point (although more respectful than most) - a few vague sentences about 
how to accomplish this followed by several paragraphs implying that I 
don't understand the product requirements.

The software I write falls under the category of those that need to have 
the source code hidden from customers - for many reasons, not least of 
which is "because the marketing department says so".  Our customers are 
unlikely to go after "movl $0x0007, %ax" with a hex editor, but are 
almost certain to mess with code that looks like "licenseCount = 5".

My frustration with this question is that it seems to offend the c.l.p. 
readership to such a degress that they collectively decide to drown out 
any meaningful discussion on the matter.

>>I think it ought to be relatively easy to distribute a hacked version of
>>the python interpreter with your application that substitutes the
>>standard "import" code with code that first looks for .pys files (or,
>>what the hell, .tcl - let's not make this any easier) that are
>>des-encrypted .py files.
> 
> 
> It *is* relatively easy to do this - there are various ways to overload
> imports, import from libraries, add new extensions and import handlers,
> and you don't need a "hacked" interpreter - the simplest example of
> running Python from C code will do.

That was what I was suggesting - distributing myapp.exe along with 
python.dll, where myapp.exe installed a different __import__ that looked 
for files with a particular extention that were scrambled or encrypted. 
   Which then raises the question of how I determine dependencies for 
setup.py, etc.

msw