How to protect Python source from modification
Michael Ekstrand
mekstran at scl.ameslab.gov
Mon Sep 12 15:40:28 EDT 2005
On Sep 12, 2005, at 11:26 AM, Frank Millman wrote:
> If I move all the authentication and business logic to a program which
> runs on the server, it is up to the system administrator to ensure that
> only authorised people have read/write/execute privileges on that
> program. Clients will have no privileges, not even execute. They will
> have their own client program, which has to connect to my server
> program, and communicate with it in predefined ways. I *think* that in
> this way I can ensure that they cannot do anything outside the bounds
> of what I allow them.
I think you have no choice but to do this. Even if you package up the
program in an unmodifiable form, a competent user with a packet sniffer
or even standard OS utilities can determine where you are connecting
and bypass your security/logic. Only if the logic is implemented at a
point beyond the user's reach can you be ensured of logic integrity.
-Michael
More information about the Python-list
mailing list