obviscating python code for distribution
Nobody
nobody at nowhere.com
Mon May 16 08:05:07 EDT 2011
On Sun, 15 May 2011 23:41:23 -0600, Littlefield, Tyler wrote:
> Here's kind of what I want to prevent. I want to write a multi-player
> online game; everyone will essentually end up connecting to my server to
> play the game. I don't really like the idea of security through
> obscurity, but I wanted to prevent a couple of problems.
> 1) First I want to prevent people from hacking at the code, then using
> my server as a test for their new setups. I do not want someone to gain
> some extra advantage just by editing the code.
> Is there some other solution to this, short of closed-source?
Closed source will not help in the slightest.
What will help is to remember the fundamental rule of client-server
security: Don't Trust The Client. If you don't remember this rule, you
have no security whatsoever, whether the source is open or closed.
Obfuscating the source won't prevent someone from running it under a
modified Python interpreter, or running an unmodified Python interpreter
under a debugger, or with modified DLLs (or even device drivers).
To give just one example, Blizzard has a whole team of people working on
anti-cheating measures, most of which involve installing various pieces of
privacy-invading, security-endangering malware on their customers'
systems. And it still doesn't work.
More information about the Python-list
mailing list