closed source

Alex Martelli aleax at aleax.it
Mon Oct 27 08:45:39 EST 2003


David Bolen wrote:

> Milos Prudek <milos.prudek at tiscali.cz> writes:
> 
>> This will not protect against illegal copying, however. Let's say that
   ...
> So in the end, as long as there's any interpreted code that is in
> control of the authentication, you might not be any better off, so why
> expend the effort in the first place.  I think this is largely true
> for any interpreted language.

I have said this often but I think it's worth repeating: if you
distribute executable code, no matter how cleverly disguised, somebody
else is going to be clever enough to hack away any authentication
etc.  Proof by existence: any warez site.

If you have code so valuable you DO really truly want to protect it,
the solution lies in *web-services*.  Carefully cut out the extremely
valuable parts of your application and DON'T distribute them as
any kind of executable code: only distribute "clients" that must
rely on connecting to a web-service, where you will make all the
juicy parts available.  Your extremely precious code thus lives on
a server under your control, and you CAN secure it against hacking.
You also get to implement any business model you prefer (one-off
payment, subscription, pay-per-use, etc, etc).  [Any kind of network
RPC protocol will work fine, of course -- "web-services" are just
one currently fashionable way to achieve such a protocol].

Of course this isn't applicable everywhere, although with the wider
and wider availability of connectivity (including wireless) the
area of applicability keeps growing.  Some cases where this approach
can't be used might be handled instead by putting the extremely
valuable portions of your code into a custom integrated-circuit of
some kind (much harder to reproduce, though not impossible).

Striving to "protect" code which you distribute in executable form
is tilting at windmills.  I've spent far too large a part of my
life hacking up such "protection" schemes, with and without "dongles"
of some kind to support them, and it's been far more effective in
bothering perfectly legitimate use than in foiling crackers and
warezguyz.  These days, whenever somebody asks me about such
protection, I insist on the "webservice, or custom IC" as the only
really viable approaches.  BTW, such conversations generally end
up, in 90% of the cases, concluding that the allegedly precious
code ISN'T really as precious as to be truly worth protecting -- if
so, putting in some looks-like-protection-to-the-clueless tweak may
of course be the easiest way to pacify a paranoic PHB ... :-)  But
that's just as easy with Python as with any other language, of course.


Alex
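The arrangement described in the message above, as an added example that is not part of the original post: the valuable function exists only on the server, which authenticates, meters and then runs it, while the customer's client holds nothing but a request builder. Assumptions: the names (`ACCOUNTS`, `price`, `client_call`), the HMAC shared-secret scheme and the credit counter are hypothetical, and the XML-RPC dispatcher is called in-process rather than over HTTP so the sketch runs offline.

```python
import hashlib
import hmac
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

# ---- Server side: the valuable code and the accounts never leave this process ----
# Constructed sample account: per-customer secret and prepaid call credits.
ACCOUNTS = {"cust-001": {"secret": b"constructed-demo-secret", "credits": 2}}
SEEN_NONCES = set()

def _sign(secret, customer, nonce, x):
    # Request MAC; this helper ships with the client, the per-customer secret is the key.
    msg = f"{customer}|{nonce}|{x}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def _precious_algorithm(x):
    return x * x + 1  # stand-in for the code worth protecting

def price(customer, nonce, x, mac):
    """RPC method: authenticate, meter, then run the protected code."""
    acct = ACCOUNTS.get(customer)
    if acct is None:
        raise PermissionError("authentication failed")
    if not hmac.compare_digest(_sign(acct["secret"], customer, nonce, x), mac):
        raise PermissionError("authentication failed")
    if (customer, nonce) in SEEN_NONCES:
        raise PermissionError("replayed request")
    if acct["credits"] <= 0:
        raise PermissionError("no credits left")
    SEEN_NONCES.add((customer, nonce))
    acct["credits"] -= 1  # pay-per-use accounting is enforced server-side
    return _precious_algorithm(x)

dispatcher = SimpleXMLRPCDispatcher()
dispatcher.register_function(price, "price")

def server_handle(request_bytes):
    # Stands in for the HTTP endpoint: XML-RPC request bytes in, response bytes out.
    return dispatcher._marshaled_dispatch(request_bytes)

# ---- Client side: everything the customer is given ----
def client_call(transport, customer, secret, nonce, x):
    mac = _sign(secret, customer, nonce, x)
    request = xmlrpc.client.dumps((customer, nonce, x, mac), methodname="price")
    # loads() raises xmlrpc.client.Fault when the server refused the call.
    (result,), _ = xmlrpc.client.loads(transport(request.encode()))
    return result
```

Patching the client changes nothing the server checks: a modified client still has to present a valid MAC, an unused nonce and remaining credits to get a result back.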




