Protecting Source Code

Andy Robinson andy at reportlab.com
Fri May 9 18:10:59 EDT 2003


>I'm very new to Python so this may be a silly suggestion..
>
>Could you not encrypt the .pyc files and use a custom importer to decrypt
>them on the fly?
>
>Key management then becomes the issue but there are various approaches to
>that problem depending on your level of paranoia.

A few colleagues and I looked into this
last year, but we ran out of time to carry through.  The idea
is to have a custom importer in C, to which you don't
ship source, and which can be used for multiple versions
of the app.  Code could then be placed in a zip- or jar-like
archive which the importer can load subject to the
right keys.

I can see several perfectly good 'attacks' to get at the
code in almost any real world Python application,
including one protected this way, if you have access to the 
machine.  But at least this would raise the bar slightly compared 
to shipping pyu or pyc files..  

My own take on software protection is that if you don't have 
ANY, they could mumble "oh we lost track of the licenses";
but if you make them explicitly jump through some hoops, they 
know they are breaking the law.  Which is enough to make a majority
of users pay or desist.  Also, if you are charging per server CPU,
there is some benefit if the software wakes up and grumbles
when the sysadmins move your app from a 1-CPU to 8-CPU
machine.

I should point out that the .NET Intermediate Language makes
Windows code just as easy to open up as Java or Python bytecodes.
It doesn't seem to be dissuading anyone from writing commercial
software on those platforms.

- Andy Robinson
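
The scheme discussed in this thread (encrypted bytecode in an archive, loaded by a custom importer that holds the key), as an added example that is not code from the post or from any project it mentions. It is written in pure Python rather than as the C importer described, the names `seal`, `unseal`, `SealedImporter` and `licensed_mod` are hypothetical, and the cipher is a standard-library stand-in for a vetted AEAD.

```python
import hashlib, hmac, importlib.abc, importlib.util, marshal, os, sys

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(enc_key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode, used only so the example
    # runs on the standard library. A real build would use a vetted AEAD.
    ks = b"".join(_prf(enc_key, nonce + i.to_bytes(8, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, source, name):
    """Compile, marshal, encrypt, then MAC (bound to the module name)."""
    plain = marshal.dumps(compile(source, f"<sealed {name}>", "exec"))
    nonce = os.urandom(16)
    body = _xor_stream(_prf(key, b"enc"), nonce, plain)
    return nonce + _prf(_prf(key, b"mac"), name.encode() + nonce + body) + body

def unseal(key, blob, name):
    """Verify the MAC first: marshal.loads must never see unauthenticated bytes."""
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    want = _prf(_prf(key, b"mac"), name.encode() + nonce + body)
    if not hmac.compare_digest(tag, want):
        raise ImportError(f"wrong key or tampered archive entry: {name}")
    return marshal.loads(_xor_stream(_prf(key, b"enc"), nonce, body))

class SealedImporter(importlib.abc.MetaPathFinder, importlib.abc.Loader):
    """Serves modules from a dict of name -> sealed blob (the 'archive')."""
    def __init__(self, archive, key):
        self.archive, self.key = archive, key

    def find_spec(self, fullname, path=None, target=None):
        if fullname in self.archive:
            return importlib.util.spec_from_loader(fullname, self)
        return None  # let the normal import machinery handle everything else

    def exec_module(self, module):
        name = module.__name__
        exec(unseal(self.key, self.archive[name], name), module.__dict__)

def demo():
    key = os.urandom(32)  # constructed key; key storage is out of scope here
    src = "def cpus_allowed():\n    return 1\n"  # constructed module source
    sys.meta_path.insert(0, SealedImporter({"licensed_mod": seal(key, src, "licensed_mod")}, key))
    import licensed_mod  # resolved by SealedImporter, no file on disk
    return licensed_mod.cpus_allowed()

if __name__ == "__main__":
    print(demo())
```

The importer must hold the key and the decrypted code object in the same process that runs the application, which is why this protects the archive at rest and in transit rather than on a machine the user controls.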



