Technical Answer - Protecting code in python

Wed Mar 21 20:06:47 EDT 2007

flit wrote:
>
> OK, that kind of answer is what I was trying to avoid..

Perhaps, but it's possible that people get tired of answering the same
questions over and over again. A search in comp.lang.python for
"protect source code" will provide lots of answers, some as purely
technical as you desire.

> On Mar 21, 1:23 pm, Steven D'Aprano
> <s... at REMOVE.THIS.cybersource.com.au> wrote:
> > On Wed, 21 Mar 2007 06:36:16 -0700, flit wrote:
> > > 1 - There is a way to make some program in python and protects it? I
> > > am not talking about ultra hard-core protection, just a simple one
> > > that will stop 90% script kiddies.
> >
> > Protect it from what? Viruses? Terrorists? The corrupt government? Your
> > ex-wife cutting it up with scissors? People who want to copy it? People
> > who will look at your code and laugh at you for being a bad programmer?
> >
> > Until you tell us what you are trying to protect against, your question
> > is meaningless.
>
> In this time I supposed someone took too much coffee..But will
> ignore..

I think Mr D'Aprano seeks too much clarification for what would appear
to be a question that would be satisfied by a "fire and forget"
response, in that people telling you the usual things (distribute
bytecode, make an executable, deploy a Web service) and leaving you to
figure it out yourself would be sufficient, especially from my
perspective since I view binary-only software rather dimly having had
to work with it (or mostly around it) fairly often in previous
corporate environments. However, in choosing to ignore what he has to
say (although you've made a bad job of actually ignoring it) you lose
out on some good insights.

> > Is your program valuable? Is it worth money? Then the 90% of script
> > kiddies will just wait three days, and download the program off the
> > Internet after the real hackers have broken your protection.
> >
> > If it is NOT valuable, then why on earth do you think people will put up
> > with whatever "protection" you use? Why won't they just use another
> > program?
>
> It´s doesn´t matter if it is the next BIG HIT Ultra-fast-next-google
> thing or a programm to take control of my "pet-people-living-in-
> welfare-trying-to-be-political"
> It´s a technical question, If you can´t answer it ok, I will not
> suppose that you are it or that, it´s not a personal question or
> matter.

No, but as was pointed out, if you make something valuable enough and
apply complicated enough technology to protect it, you spend your way
into becoming a top ten target for people who will "unprotect" it in
every sense. So it's a social and an economic matter as well as an
ethical and a technical one. Don't agree? You should read the paper
about reverse engineering Skype - the effort used Python, by the way -
and that was done ostensibly for network management purposes, although
lots of people would quite happily leverage that kind of work for
other purposes. Sure, most people won't care about your program enough
to do anything more than run a decompiler on it (either a Python
bytecode one or a machine code one), and that might be too
sophisticated for your users, but it's a tradeoff defined in terms of
who your users are and what the reward might be for them in getting
access to your "secrets".

> > > 2 - If I put the code in web like a web service, how can I protect my
> > > code from being ripped? There is a way to avoid someone using my site
> > > and ripping the .py files?
> >
> > Don't make the .py files available on the web server.
> >
>
> Now we have a real contribution to the thread. Thank You

It was surely the answer all along. Software as a service, you know?

> > [penny drops]
> >
> > Hang on, you want us to believe that you're a serious computer programmer
> > with a seriously valuable program that's worth "protecting", and you don't
> > know that? I smell a troll.

[...]

> Again, you don´t have to believe, suppose or think anything about me,
> are you capable to make any contribution? Technical one? Are you
> sooooooo good and "serious" programmer that you did not develop your
> personal skills, and thinks that winning an argument in internet is
> the best thing in the world?

If the advice to not distribute your code - instead offering the
software as a service - was genuinely enlightening to you then I think
Mr D'Aprano has made quite a contribution that you fail to
acknowledge. If the enlightenment is merely for show, expressing shock
that Python programs can't be protected when they're distributed, then
stopping short of using the T word (as in the word used by Mr D'Aprano
above) I'd say that you should acquaint yourself with "copy
protection" and DRM mechanisms as well as the phenomenon that is
Trusted (a.k.a. Treacherous) Computing, then apply that knowledge to
any other favourite platforms and tools you may have.

Paul

P.S. I suppose sarcasm is a natural response when someone feels like
they're being lectured to, but you could pay good money and not get
advice as comprehensive as this. Still, I suppose it beats people
thinking that software patents are somehow cool tools of innovation
that confer technical and social credibility.