How to protect Python source from modification

Peter Hansen peter at engcorp.com
Mon Sep 12 10:08:54 EDT 2005 

Frank Millman wrote:
> I am writing a multi-user accounting/business system. Data is stored in
> a database (PostgreSQL on Linux, SQL Server on Windows). I have written
> a Python program to run on the client, which uses wxPython as a gui,
> and connects to the database via TCP/IP.
> 
> The client program contains all the authentication and business logic.
> It has dawned on me that anyone can bypass this by modifying the
> program. As it is written in Python, with source available, this would
> be quite easy. My target market extends well up into the mid-range, but
> I do not think that any CFO would contemplate using a program that is
> so open to manipulation.
> 
> The only truly secure solution I can think of would involve a radical
> reorganisation of my program

Please define what "truly secure" means to you.

I think you'll find that the only "truly secure" solution is to install 
the critical authentication and business logic stuff that you want to 
protect on a server to which the user does not have physical access.

People wanting to protect critical algorithms often conclude that they 
need to have a "black box" server which cannot be physically opened by 
the user.

Or do you think this issue is in some way unique to Python?  You might 
not realize that the only difference from a security point of view 
between shipping such a program written in Python and one written in, 
say, C++, is that "modifying the program" is somewhat more tedious with 
C++.  That's no better than security by obscurity; maybe it should be 
called "security by adiposity". ;-)

But the real answer does depend a lot on *exactly* what kind of security 
you want (or, ultimately, what it turns out you really need, once you've 
clarified your thinking based on the feedback you do get here).  Issues 
like: are you more concerned about detecting changes, or in preventing 
them in the first place? (the latter is much harder); what is the nature 
of software that competes with yours?  (is it really any more secure, or 
only apparently so? maybe this is just a marketing issue); and is there 
any intellectual property that you are trying to protect here, or are 
you just interested in avoiding casual disruption of normal operation?

-Peter

More information about the Python-list mailing list