[Python-ideas] I have an encrypted python module format: .pye

[Mike Meyer]

On Sat, 12 May 2012 06:27:03 +0800
li wang <charlesw123456 at gmail.com> wrote:
> When a .pye is imported, python will check the environment variable
> PYTHONENCRYPT, if this environment variable is defined with non-blank
> value, the value is used to generate AES key and CBC initialize vector
> which will be used to encrypt .py and decrypt .pye.

And what prevents the customer from doing that themselves in order to
read the source?

> Now it is work for me, does the python community is interested for it?
> I believe this feature can be helpful to let the python to be used in
> bussiness use case.

While the ability to hide code is a recurring request, it really
doesn't get a lot of support. The problem is that you have to have the
plain text of the code available on the customers machine in order to
run it. So everything they need to know to decrypt it has to be on the
machine, meaning you're relying on obscuring some part of that
information to keep them from decrypting it outside of the execution
environment.  Security through obscurity is a bad idea, and never
really works for very long.

The recommended solution is to package your software so that reading
the source isn't really a requirement. One alternative is to ship both
a Python executable and .pyo files without the .py files. I believe
there's even a tool for windows that bundles all of that up into a
.exe file. This is really just more obscurity, though. It's not like
extracting the .pyo files from the .exe is impossible, and turning
.pyo files back into python code is straightforward.

The better approach is to refactor the critical code into a web
service, and sell the users a client and an account. Or give away the
client and just sell the account.

       <mike
-- 
Mike Meyer <mwm at mired.org>		http://www.mired.org/
Independent Software developer/SCM consultant, email for more information.

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org