How to protect Python source from modification
Robert Kern
rkern at ucsd.edu
Tue Sep 13 02:20:15 EDT 2005
Frank Millman wrote:
> Steven D'Aprano wrote:
>
>>On Mon, 12 Sep 2005 08:33:10 -0700, Frank Millman wrote:
>>
>>>My problem is that, if someone has access to the network and to a
>>>Python interpreter, they can get hold of a copy of my program and use
>>>it to knock up their own client program that makes a connection to the
>>>database. They can then execute any arbitrary SQL command.
>>
>>Why is that your problem, instead of the company's problem? It is their
>>database server, yes? If they want to connect to it and execute arbitrary
>>SQL commands on their own database, (1) who are you to tell them they
>>can't? and (2) they hardly need your program to do it.
>>
>>--
>>Steven
>
> If they choose to give the userid and password to an individual, they
> are obviously giving him permission to execute any command.
>
> On the other hand, they can reasonably expect to set up users without
> giving them direct access to the database, in which case I think they
> would be upset if the users found this restriction easy to bypass.
Certainly, but that access control *shouldn't happen in the client*
whether the source is visible or not.
--
Robert Kern
rkern at ucsd.edu
"In the fields of hell where the grass grows high
Are the graves of dreams allowed to die."
-- Richard Harter
More information about the Python-list
mailing list