Obfuscating Python code for distribution

Chris Angelico rosuav at gmail.com
Wed May 18 14:49:30 EDT 2011


On Thu, May 19, 2011 at 4:26 AM, Littlefield, Tyler <tyler at tysdomain.com> wrote:
>>might be secure as long as attackers cannot, say:
> You forgot UFOs.
> Anyway, again, thanks to everyone for the advice, this is good reading.
> Incidentally, I don't know too much about security. I know about rate
> limiting and DoS attacks, as well as some others, but I think there's a lot
> more that I don't know--can someone kind of aim me in the right direction
> for some of this? I want to be able to take techniques, break my server and
> then fix it so that can't be done before I head to public with this.

Your last sentence IS the right direction. The two easiest ways to
find out if your system is secure are (1) try to break it, and (2)
pore over the code and see what can be broken.

When you start testing things, try doing things in the wrong order.
Your server should either cope with it fine, or throw back an error to
that client, but should never allow any action that that client hasn't
already proven he's allowed to do.

There's plenty of people here who know what they're talking about when
it comes to security (just skim over this thread for a few good
names!), so if you have specific questions regarding your Python code,
do ask. Alternatively, if it's not particularly Python-related, I
would be happy for you to email me privately; I'm a gamer, and run an
online game, so I'd be quite willing to have a bit of a poke at your
code.

Chris Angelico
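
The "try doing things in the wrong order" test above can be automated. The following is an added example, not code from the original message or from the poster's server: the command names, the states, the password and the SloppySession class are all hypothetical. It replays every ordering of four commands against a server-side session object and reports any ordering in which an action succeeded before the client had earned it.

```python
from itertools import permutations

PASSWORD = "correct-horse"  # constructed sample credential
# (state, command) -> next state; any pair not listed is refused.
TRANSITIONS = {
    ("connected", "login"): "authenticated",
    ("authenticated", "join"): "in_game", ("in_game", "move"): "in_game",
    ("authenticated", "logout"): "connected", ("in_game", "logout"): "connected",
}

class Session:
    """Hypothetical per-client state, kept on the server."""
    def __init__(self):
        self.state = "connected"

    def handle(self, cmd, arg=None):
        nxt = TRANSITIONS.get((self.state, cmd))
        if nxt is None:
            return "ERR not allowed now"  # wrong order: state unchanged
        if cmd == "login" and arg != PASSWORD:
            return "ERR bad credentials"
        self.state = nxt
        return "OK"

class SloppySession(Session):
    """Deliberately flawed variant: 'move' skips the state check."""
    def handle(self, cmd, arg=None):
        return "OK" if cmd == "move" else super().handle(cmd, arg)

def out_of_order_failures(session_cls):
    """Replay every command ordering; list those where an action ran early."""
    failures = []
    for pw in (PASSWORD, "wrong"):
        for order in permutations(["login", "join", "move", "logout"]):
            s, authed, joined = session_cls(), False, False
            for cmd in order:
                ok = s.handle(cmd, pw if cmd == "login" else None) == "OK"
                early = ((cmd == "login" and pw != PASSWORD)
                         or (cmd in ("join", "move") and not authed)
                         or (cmd == "move" and not joined))
                if ok and early:
                    failures.append((pw == PASSWORD, order))
                    break
                if ok:  # track what this client has legitimately earned
                    authed = cmd != "logout" and (authed or cmd == "login")
                    joined = cmd != "logout" and (joined or cmd == "join")
    return failures
```

out_of_order_failures(Session) returns an empty list, while out_of_order_failures(SloppySession) lists each ordering in which "move" was accepted too early.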


