How to protect Python source from modification

Mon Sep 12 12:26:57 EDT 2005

Peter Hansen wrote:
> Frank Millman wrote:
> > I am writing a multi-user accounting/business system. Data is stored in
> > a database (PostgreSQL on Linux, SQL Server on Windows). I have written
> > a Python program to run on the client, which uses wxPython as a gui,
> > and connects to the database via TCP/IP.
> >
> > The client program contains all the authentication and business logic.
> > It has dawned on me that anyone can bypass this by modifying the
> > program. As it is written in Python, with source available, this would
> > be quite easy. My target market extends well up into the mid-range, but
> > I do not think that any CFO would contemplate using a program that is
> > so open to manipulation.
> >
> > The only truly secure solution I can think of would involve a radical
> > reorganisation of my program
>
> Please define what "truly secure" means to you.
>

Fair question. I am not expecting 'truly' to mean 100% - I know that is
impossible. I will try to explain.

Here are some assumptions -
1. A system adminstrator is responsible for the system.
2. There is a single userid and password for connecting to the
database. This must be stored somewhere so that the client program can
read it to generate the appropriate connection string. The users do not
need to know  this userid and password.
3. Each user has their own userid and password, which is stored in the
database in a 'users' table. I use this in my program for
authentication when a user tries to connect.
4. The client program can be run from anywhere on the network that has
access to the program and to a Python interpreter.

[snip]

>
> But the real answer does depend a lot on *exactly* what kind of security
> you want (or, ultimately, what it turns out you really need, once you've
> clarified your thinking based on the feedback you do get here).  Issues
> like: are you more concerned about detecting changes, or in preventing
> them in the first place? (the latter is much harder); what is the nature
> of software that competes with yours?  (is it really any more secure, or
> only apparently so? maybe this is just a marketing issue); and is there
> any intellectual property that you are trying to protect here, or are
> you just interested in avoiding casual disruption of normal operation?
>

I am not concerned about anyone reading my code - in fact I am looking
forward to releasing the source and getting some feedback.

My concern is this. I have all this fancy authentication and business
logic in my program. If someone wants to bypass this and get direct
access to the database, it seems trivially easy. All they have to do is
read my source, find out where I get the connection string from, write
their own program to make a connection to the database, and execute any
SQL command they want.

If I move all the authentication and business logic to a program which
runs on the server, it is up to the system administrator to ensure that
only authorised people have read/write/execute privileges on that
program. Clients will have no privileges, not even execute. They will
have their own client program, which has to connect to my server
program, and communicate with it in predefined ways. I *think* that in
this way I can ensure that they cannot do anything outside the bounds
of what I allow them.

The only problem is that this is very different from the way my program
works at present, so it will be quite a bit of work to re-engineer it.
If someone can suggest a simpler solution obviously I would prefer it.
But if the consensus is that I am thinking along the right lines, I
will roll up my sleeves and get stuck in.

> -Peter

I hope this explains my thinking a bit better.

Thanks

Frank