obviscating python code for distribution
Dotan Cohen
dotancohen at gmail.com
Wed May 18 10:42:36 EDT 2011
On Wed, May 18, 2011 at 10:36, Hans Georg Schaathun <hg at schaathun.net> wrote:
> But then, nothing is secure in any absolute sense. The best you can
> do with all your security efforts is to manage risk. Since obfuscation
> increases the cost of mounting an attack, it also reduces risk,
> and thereby provides some level of security.
>
> Obviously, if your threat sources are dedicated hackers or maybe MI5,
> there is no point bothering with obfuscation, but if your threat source
> is script kiddies, then it might be quite effective.
>
The flip side is that the developer will not know about weaknesses
until much later in the development, when making changes to the
underlying code organization may be difficult or impossible. In this
early phase of development, he should actually encourage the script
kiddies to "report the bugs".
--
Dotan Cohen
http://gibberish.co.il
http://what-is-what.com
More information about the Python-list
mailing list