Protecting Source Code
Alex Martelli
aleax at aleax.it
Fri May 9 04:02:42 EDT 2003
<posted & mailed>
Cameron Zemek wrote:
> Okay, but is python byte-code as safe as compiled Java code for instance?
Roughly, I would put them on a par, yes.
> Are there obfuscation tools for python available? More importantly how
I'm not aware of any (which doesn't mean none exist), but with Python's
powerful introspection &c facilities it should be trivial to e.g. turn
all identifiers (that aren't reserved words, built-ins etc) into anodyne
x00, x01, x02, etc - for what that may be worth.
> much information can be gathered about the source code from python
> byte-code?
A HUGE amount -- just like for Java, at the very least. Basically,
except for identifiers, comments, &c, any competent programmer can
reconstruct your original sources from the bytecode (not that it's
much harder to do so from the machine code produced, say, by typical
C compilers -- it takes longer, sure, because the lower-level a
language and the pushier its optimizer the more work is involved,
but not wildly out of proportion from the extra work it takes to
CODE such an application in C vs Python in the first place:-).
If your code is truly worth protecting from competent prying eyes,
don't distribute it -- not all of it, at least: keep some under your
own strict control, serving xml-rpc or the like from your website.
THAT saves you from reverse engineering (and may afford creative
billing opportunities, such as per-use fees and the like).
Alex
More information about the Python-list
mailing list