How to protect python code ?

Mon Apr 7 11:22:00 EDT 2003

On Mon, 7 Apr 2003, msw wrote:

> Jp Calderone wrote:
> > On Thu, Apr 03, 2003 at 09:35:49AM +0200, christophe grimault wrote:
> >>Before trying my own solutions, I wonder if someone already has a solution
> >>to this. We have been programming a quite large application in python and
> >>it contains many original algorithm and other things. The application will
> >>be sent to customers in a few month and since it is a commercial app, we
> >>need some protection against copy (illegal copies) and we need to make
> >>sure that critical parts of the code cannot be viewed and studied.
> >>
>
> I'm really interested in this as well, and I think that it's an
> important issue for python.  Unfortunately, as I'm sure you've
> discovered by now, it's a question that comp.lang.python is
> constitionally incapable of answering.  The only answers you will get in
> this group are:
>
> 1. intellectual property law is sufficient
> 2. no protection scheme is perfect

Not true - check the archives. In the past people, including myself, have
posted the general steps to do to "protect" the code. It's not worth the
effort in most cases, IMO, but answers *have* been given.

[snip]
> I think it ought to be relatively easy to distribute a hacked version of
> the python interpreter with your application that substitutes the
> standard "import" code with code that first looks for .pys files (or,
> what the hell, .tcl - let's not make this any easier) that are
> des-encrypted .py files.

It *is* relatively easy to do this - there are various ways to overload
imports, import from libraries, add new extensions and import handlers,
and you don't need a "hacked" interpreter - the simplest example of
running Python from C code will do.

> But unfortunately, if anyone's done this, you'll never find out about it
> on c.l.p.  :-)

Not true. What you *will* find on c.l.p however are many people who ask
for this but *appear* to misunderstand how much benefit it really gives
them as well as what costs are involved. Also, many of these people refuse
to do any investigation into how to do it. Even after given a few hints
they moan and groan because nobody will do it for them. I don't think the
OP was doing these things, but I do think that's why you don't see others
lining up to help.

For most programs, you're kidding yourself if you think the code is *that*
valuable. It has value, sure, but very few programs have some great secret
that needs to remain hidden. If you want to hide your code, use py2exe or
McMillian's Installer - that will keep out just about everyone without
adding too much complexity or maintenance costs. Beyond that, the law of
diminishing returns starts to win because pretty quickly you get into
guarding against people who are willing to invest large amounts of time
cracking it or, worse, people who crack for fun.

Even once you have the source code, there's still enormous work involved
before you can use it to generate revenue (to create your own knock-off
product). In the case of protecting the code to protect the revenue stream
(anti-piracy), you have to realize things like many/most pirates would not
have purchased your program anyway, your selling price may be too high,
having your customer relationship depend completely on the product itself
is a weak position and tough to defend, etc.

My two cents,
Dave