obviscating python code for distribution

Steven D'Aprano steve+comp.lang.python at pearwood.info
Mon May 16 00:03:09 EDT 2011 

On Sun, 15 May 2011 21:36:53 -0600, Littlefield, Tyler wrote:

> I'm putting lots of work into this. I would rather not have some script
> kiddy dig through it, yank out chunks and do whatever he wants. 


The best way to do that is to labour in obscurity, where nobody either 
knows or cares about your application. There are hundreds of thousands, 
possibly millions, of such applications, with a user base of one: the 
creator.

One other alternative is to ask yourself, what's the marginal value of 
yanking out chunks from my code? What harm does it do me if Joe Haxor 
spends hours pulling out one subroutine, or a dozen, from my app, and 
using them in his app? Why should I care?

It never ceases to amaze me how often people write some trivial 
application, like a thousand others, or even some trivial function or 
class, and then treat it like the copyright to Mickey Mouse. I don't know 
what your application is, or how it works. It's conceivable that it's the 
next Microsoft Office. But my advice to you is to take a pragmatic, 
realistic view of the cost of copyright infringement.

If it's going to cost you $1000 in extra effort to prevent $100 of harm, 
it's simply not worth it.



> I just
> want to distribute the program as-is, not distribute it and leave it
> open to being hacked.

Right... because of course we all know how Windows being distributed 
without source code makes it soooooo secure.

You are conflating two different issues:

* Can people "steal" or copy my ideas and code?

* Can people hack my code (in the bad sense)?


I hope this does not offend, because I mean it in the nicest possible 
way, but if you think that not distributing source code will prevent your 
code from being broken, then you are delusional.

Look at Facebook and its periodic security holes and accounts being 
hacked. Not only don't Facebook distribute source code, but they don't 
distribute *anything* -- their application is on their servers, behind a 
firewall. Does it stop hackers? Not a chance.


-- 
Steven

More information about the Python-list mailing list