Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Securely distributing python source code as an application?

Reply
Thread Tools

Securely distributing python source code as an application?

 
 
xkenneth
Guest
Posts: n/a
 
      12-07-2007
Hi All,

I'll shortly be distributing a number of python applications that
use proprietary. The software is part of a much larger system and it
will need to be distributed securely. How can i achieve this?

Regards,
Ken
 
Reply With Quote
 
 
 
 
xkenneth
Guest
Posts: n/a
 
      12-07-2007
Message should have read:
Hi All,

I'll shortly be distributing a number of python applications that
use proprietary source code. The software is part of a much larger
system and it
will need to be distributed securely. How can i achieve this?

Regards,
Ken
 
Reply With Quote
 
 
 
 
Tim Churches
Guest
Posts: n/a
 
      12-08-2007
xkenneth wrote:
> Message should have read:
> Hi All,
>
> I'll shortly be distributing a number of python applications that
> use proprietary source code. The software is part of a much larger
> system and it
> will need to be distributed securely. How can i achieve this?


You need to define what you mean by "securely" by specifying what types
of threat you wish to protect against.

Tim C
 
Reply With Quote
 
sturlamolden
Guest
Posts: n/a
 
      12-08-2007
On 7 Des, 23:37, xkenneth <(E-Mail Removed)> wrote:

> I'll shortly be distributing a number of python applications that
> use proprietary. The software is part of a much larger system and it
> will need to be distributed securely. How can i achieve this?


If you provide the application as a web service there is no need to
distribute anything all. That is what Google does.

You don't have to distribute your Python source code. You can
distribute Python bytecode (.pyc files).

Python bytecode can be decompiled, but the source can not be
retrieved. The same is true for Java bytecode, .NET assemblies, even
native executables and library files. Reverse engineering not just an
issue for programs written in Python.

You can oobfuscate the bytecode further. You can build your own Python
runtime and scramble the opcodes. You can device a system that
encrypts and decrypts the bytecode on the fly. But there is no
foolproof way of doing this. Anything you do can be cracked by an
expert. But you can make it very difficult to decompile the bytecode.

You can watermark the bytecode sent to each customer. It will not
prevent reverse engineering, but you will know who is sharing it on
BitTorrent.

You can use a license manager like Macrovision's flexlm. If you build
your own Python runtime from source and scramble the opcodes, you
would have a rather safe licence manager if it's linked with the
flexlm client library.

There is no universal answer to this question. It depends on your
assessment of the risks and the measurements you are willing and
capable of taking. How malicious do you expect your customers to be?
How technologically competent are they? How paranoid are you? Etc.









 
Reply With Quote
 
sturlamolden
Guest
Posts: n/a
 
      12-08-2007

So for example one could:


1. Put all the compiled Python bytecode in an encrypted binary file.

2. Build a small binary executable (.exe file) that:

2a. Reads the binary file.

2b. Decrypts it to conventional Python byte code.

2c. Embeds a Python interpreter.

2d. Executes the bytecode with the embedded Python.

3. Link the executable with a licence manager such as flexlm.


I think that should be rather safe (but I could be wrong).

A really malicious customer/cracker could e.g. look in the exe-file
and extract the crypto key. Then he (or less likely she) could guess
which crypto algorithm you have used, and decrypt the bytecode. The
cracker could then decompile the bytecode to Python VM opcodes, and
use that to reverse engineer your program. One could make it more
difficult for the cracker by asking each customer for a hardware hash
and use that for crypto. That way the key would not be (completely)
visible in the exe file. But history has shown that one can never
safeguard a program 100% against humans with malicious intent. I know
of no DRM system that has never been circumvented.










 
Reply With Quote
 
Larry Bates
Guest
Posts: n/a
 
      12-08-2007
xkenneth wrote:
> Hi All,
>
> I'll shortly be distributing a number of python applications that
> use proprietary. The software is part of a much larger system and it
> will need to be distributed securely. How can i achieve this?
>
> Regards,
> Ken


We have partnered with developers to use our product WebSafe to provide secure
software distribution (among other uses for the service). Take a look at:
http://www.websafe.com. We have a special program for developers that allows
you to put our API inside your application as well.

Larry Bates
Vice President/CTO
WebSafe, Inc.
 
Reply With Quote
 
Ben Finney
Guest
Posts: n/a
 
      12-11-2007
xkenneth <(E-Mail Removed)> writes:

> I'll shortly be distributing a number of python applications that
> use proprietary.


That's unfortunate. Hopefully it's not too late to avoid restricting
yourself and your users in this way.

> The software is part of a much larger system and it will need to be
> distributed securely. How can i achieve this?


That depends partly on what "distributed securely" means for you. Can
you elaborate? In particular, what threat model are you seeking
security from?

--
\ "If I ever get real rich, I hope I'm not real mean to poor |
`\ people, like I am now." -- Jack Handey |
_o__) |
Ben Finney
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
distributing apps without the Python source? Joe Strout Python 6 10-09-2008 12:27 AM
Distributing Java Source Roedy Green Java 56 07-31-2008 02:35 AM
Distributing closed source modules Jiri Barton Python 5 03-29-2005 06:07 PM
securely overwrite files with Python Bart Nessux Python 11 03-06-2004 08:02 PM
Python prog needs root -how to do this securely John D. Python 1 09-04-2003 07:46 PM



Advertisments