Protecting Source Code

[Alex Martelli]

<posted & mailed>

Cameron Zemek wrote:

> Okay, but is python byte-code as safe as compiled Java code for instance?

Roughly, I would put them on a par, yes.

> Are there obfuscation tools for python available? More importantly how

I'm not aware of any (which doesn't mean none exist), but with Python's
powerful introspection &c facilities it should be trivial to e.g. turn
all identifiers (that aren't reserved words, built-ins etc) into anodyne
x00, x01, x02, etc - for what that may be worth.

> much information can be gathered about the source code from python
> byte-code?

A HUGE amount -- just like for Java, at the very least.  Basically,
except for identifiers, comments, &c, any competent programmer can
reconstruct your original sources from the bytecode (not that it's
much harder to do so from the machine code produced, say, by typical
C compilers -- it takes longer, sure, because the lower-level a
language and the pushier its optimizer the more work is involved,
but not wildly out of proportion from the extra work it takes to
CODE such an application in C vs Python in the first place:-).

If your code is truly worth protecting from competent prying eyes,
don't distribute it -- not all of it, at least: keep some under your
own strict control, serving xml-rpc or the like from your website.
THAT saves you from reverse engineering (and may afford creative
billing opportunities, such as per-use fees and the like).


Alex