
Python Applications: Can You Secure Your Code Somehow?

If there is truly a 'best' way, what is the best way to ship a Python app and ensure people can't (easily) reverse engineer your algorithms/security/work in general?

If there isn't a 'best' way, what are the different options available?

Background: I love coding in Python and would love to release more apps with it. One thing that I wonder about is the possibility of people circumventing any licensing code I put in, or being able to just rip off my entire source base. I've heard of Py2Exe and similar applications, but I'm curious if there are 'preferred' ways of doing it, or if this problem is just a fact of life.

Eddie Parker asked Jan 24 '09 00:01



2 Answers

Security through obscurity never works. If you must use a proprietary license, enforce it through the law, not half-baked obfuscation attempts.

If you're worried about them learning your security (e.g. cryptography) algorithm, the same applies. Real, useful, security algorithms (like AES) are secure even though the algorithm is fully known.

Matthew Flaschen answered Sep 21 '22 03:09


Even if you use a compiled language like C# or Java, people can perform reverse engineering if they are motivated and technically competent. Obfuscation is not a reliable protection against this.

You can add a prohibition against reverse-engineering to your end-user license agreement for your software. Most proprietary companies do this. But that doesn't prevent violation, it only gives you legal recourse.

The best solution is to offer products and services in which the user's access to read your code does not harm your ability to sell your product or service. Base your business on service provided, or subscription to periodic updates to data, rather than the code itself.

Example: Slashdot actually makes their code for their website available. Does this harm their ability to run their website? No.

Another remedy is to set your price point such that the effort to pirate your code is more costly than simply buying legitimate licenses to use your product. Joel Spolsky has made a recommendation to this effect in his articles and podcasts.

Bill Karwin answered Sep 22 '22 03:09