Technical Answer - Protecting code in python

Wed Mar 21 20:59:57 EDT 2007

Steven D'Aprano wrote:
> Protect it from what? Viruses? Terrorists? The corrupt government? Your
> ex-wife cutting it up with scissors? People who want to copy it? People
> who will look at your code and laugh at you for being a bad programmer?
> 
> Until you tell us what you are trying to protect against, your question
> is meaningless.
> 
> Is your program valuable? Is it worth money? Then the 90% of script
> kiddies will just wait three days, and download the program off the
> Internet after the real hackers have broken your protection.
> 
> If it is NOT valuable, then why on earth do you think people will put up
> with whatever "protection" you use? Why won't they just use another
> program?

Some of us live in a world where consultants get paid for the work they 
do /by clients/. That work might be delivering the solution to some kind 
of problem. Whatever that problem is, a Python script can apparently 
solve it. Just to give a few ideas: grabbing data from a web server, 
converting output from system x in such a way that it can be used by 
system y, etc.

Now - and I know this will take a enormous leap of imagination, but try! 
try! - imagine that whatever the original problem was, it has changed. 
Maybe server x has changed into server z. Maybe the web page that we're 
pulling data from has a different format now. We don't know.

The consultant will leave a program that is of course highly 
configurable so that the client can make simple changes him/herself. He 
has to, as his clients will stop doing business if they have to call him 
for every fart they let out.

However, there can also be more complex cases. What the consultant wants 
is that the client will call HIM to fix the problem, not the director's 
nephew who took two weeks of classes.
Or the consultant wants to be sure that the two dimwitted nimcumpoops at 
the office who /think/ they can write code don't screw up the script 
when they're trying to 'fix' or 'improve' something. And blame the 
consultant if the script all of a sudden stops working 'we did not do 
anything. It just stopped working all of a sudden'.
Or he doesn't want to expose the passwords needed to logon to the 
database server. Or whatever.

So, there are reasons enough why someone wants to render his code 
immutable and/or unreadable *to some extent*. He doesn't have to fear 
reverse engineering by decompiling assembly code. If the 'hacker' can do 
that, he can probably put the whole script together. The consultant's 
problem are the people who shouldn't be touching or reading the script 
because they have no clue what they are doing and want to 'help' anyway. 
The OP clearly states that he does not want a discussion as to why to 
protect the code. All he wants is something that turns 'readable, 
changeable python' into 'unreadable, immutable python'. Yes, there are 
ways to get around it, but that is not his 'target audience' for the 
'protection'.

Yes, I do smell a troll, but not in the original mail.