Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Re: After C++, what with Python?

Reply
Thread Tools

Re: After C++, what with Python?

 
 
Octavian Rasnita
Guest
Posts: n/a
 
      01-19-2011
From: "Tim Harig" <(E-Mail Removed)>
> On 2011-01-18, Terry Reedy <(E-Mail Removed)> wrote:
>> On 1/18/2011 10:30 AM, Tim Harig wrote:
>>
>>> Whether or not you actually agree with that economic reality is
>>> irrelevant. Those who fund commerical projects do; and, any
>>> developement
>>> tool which violates the security of the source is going to find itself
>>> climbing an uphill battle in trying to gain market penetration with
>>> commericial software producers.

>>
>> Of course. When I submit or commit patches, I am doing it mostly for
>> hobby, educational, and scientific users, and maybe website makers (who
>> make site I can visit). If commercial users piggyback on top, ok. I do
>> not know how many developers, if any, are after such market penetration.

>
> You kind of over-extended the intentions of my comment. It does not apply
> to open source software in general. I agree that open source authors are
> not interested in the quantitative value of market penetration. However,
> I
> am betting that most authors of developement tools would like to be able
> to
> use their tools on the job.
>
> I am sure that more software developers would love to develop using
> Python as part of their job. For some this is a reality; but, many more
> are stuck using their employer's choice of language. One of the factors
> that employers consider, when they choose a language, if they produce
> retail software is that the process of compiling will sufficiently
> obfiscate their code.
> --




True. But aren't the Pyton bytecode-compiled files considered secure enough?
Can they be easily decompiled?

Octavian

 
Reply With Quote
 
 
 
 
Stefan Behnel
Guest
Posts: n/a
 
      01-19-2011
Octavian Rasnita, 19.01.2011 07:10:
> aren't the Pyton bytecode-compiled files considered secure enough?
> Can they be easily decompiled?


Yes.

Stefan

 
Reply With Quote
 
 
 
 
Octavian Rasnita
Guest
Posts: n/a
 
      01-19-2011
From: "Stefan Behnel" <(E-Mail Removed)>
> Octavian Rasnita, 19.01.2011 07:10:
>> aren't the Pyton bytecode-compiled files considered secure enough?
>> Can they be easily decompiled?

>
> Yes.
>
> Stefan
>



Would it be hard to introduce the possibility of adding encryption of the
bytecode similar to what the Zend encoder does for PHP or Filter::Crypto for
Perl?

Octavian




 
Reply With Quote
 
Stefan Behnel
Guest
Posts: n/a
 
      01-19-2011
Octavian Rasnita, 19.01.2011 11:31:
> From: "Stefan Behnel"
>> Octavian Rasnita, 19.01.2011 07:10:
>>> aren't the Pyton bytecode-compiled files considered secure enough?
>>> Can they be easily decompiled?

>>
>> Yes.


FYI, just take a look at the 'dis' module. There are also decompilers
available. IIRC, one is called "decompyle".


> Would it be hard to introduce the possibility of adding encryption of the
> bytecode similar to what the Zend encoder does for PHP or Filter::Crypto
> for Perl?


You can use an import hook to do anything you like. That includes
decrypting a file and extracting a normal .pyc from it that can then be
imported. However, that won't prevent users from inspecting the code at
runtime if they get a handle at it (which they likely will if they try).

Stefan

 
Reply With Quote
 
geremy condra
Guest
Posts: n/a
 
      01-19-2011
On Wed, Jan 19, 2011 at 2:31 AM, Octavian Rasnita <(E-Mail Removed)> wrote:
> From: "Stefan Behnel" <(E-Mail Removed)>
>>
>> Octavian Rasnita, 19.01.2011 07:10:
>>>
>>> aren't the Pyton bytecode-compiled files considered secure enough?
>>> Can they be easily decompiled?

>>
>> Yes.
>>
>> Stefan
>>

>
>
> Would it be hard to introduce the possibility of adding encryption of the
> bytecode similar to what the Zend encoder does for PHP or Filter::Crypto for
> Perl?
>
> Octavian


The iron law of cryptography: there is no cryptographic solution to a
problem in which the attacker and intended recipient are the same
person.

Schemes like this are at most an annoyance to people willing to
reverse engineer your code.

Geremy Condra
 
Reply With Quote
 
Grant Edwards
Guest
Posts: n/a
 
      01-19-2011
On 2011-01-19, geremy condra <(E-Mail Removed)> wrote:
> On Wed, Jan 19, 2011 at 2:31 AM, Octavian Rasnita <(E-Mail Removed)> wrote:


>> Would it be hard to introduce the possibility of adding encryption of the
>> bytecode similar to what the Zend encoder does for PHP or Filter::Crypto for
>> Perl?

>
> The iron law of cryptography: there is no cryptographic solution to a
> problem in which the attacker and intended recipient are the same
> person.
>
> Schemes like this are at most an annoyance to people willing to
> reverse engineer your code.


And they somehow usually end up being an annoyance to customers who
are not trying to reverse engineer your code but are merely trying to
use it legally.

--
Grant Edwards grant.b.edwards Yow! I'd like MY data-base
at JULIENNED and stir-fried!
gmail.com
 
Reply With Quote
 
Octavian Rasnita
Guest
Posts: n/a
 
      01-19-2011
From: "geremy condra" <(E-Mail Removed)>
> On Wed, Jan 19, 2011 at 2:31 AM, Octavian Rasnita <(E-Mail Removed)> wrote:
>> From: "Stefan Behnel" <(E-Mail Removed)>
>>>
>>> Octavian Rasnita, 19.01.2011 07:10:
>>>>
>>>> aren't the Pyton bytecode-compiled files considered secure enough?
>>>> Can they be easily decompiled?
>>>
>>> Yes.
>>>
>>> Stefan
>>>

>>
>>
>> Would it be hard to introduce the possibility of adding encryption of the
>> bytecode similar to what the Zend encoder does for PHP or Filter::Crypto for
>> Perl?
>>
>> Octavian

>
> The iron law of cryptography: there is no cryptographic solution to a
> problem in which the attacker and intended recipient are the same
> person.
>
> Schemes like this are at most an annoyance to people willing to
> reverse engineer your code.
>
> Geremy Condra



I don't know how the Python bytecode works... how it is executed.

I thought that Python parses the .py file and generates the bytecode that doesn't contain all the necessary information for re-creating the source code.
(But that I agree, that might mean real compilation which is not the case...)

Octavian




 
Reply With Quote
 
Stefan Behnel
Guest
Posts: n/a
 
      01-20-2011
Tim Harig, 18.01.2011 12:37:
> On 2011-01-18, Stefan Behnel wrote:
>> Tim Harig, 17.01.2011 20:41:
>>> I prefer a single language as opposed to a creolization of two.

>>
>> With the possible exception of Lisp, I find it hard to think of a language
>> that's still alive and not the creolisation of (at least) two other
>> languages. They all inherited from each other, sometimes right from the
>> start ("lessons learned") and always during their subsequent life time.

>
> I am not talking about language influences. Cython effectively requires
> two separate languages that interoperate. The end result is a mix
> of two code written in two separate langauges. That is not a single
> language solution.


I don't really agree with the word "separate", and especially not "two
codes". I think of Cython more as Python with the addition of C data types,
integrated by a smart compiler. So the language actually is Python, it's
just that you can apply it to a broader set of data representations.

Stefan

 
Reply With Quote
 
Dave Angel
Guest
Posts: n/a
 
      01-20-2011
On 01/-10/-28163 02:59 PM, Octavian Rasnita wrote:
> From: "geremy condra"<(E-Mail Removed)>
>> On Wed, Jan 19, 2011 at 2:31 AM, Octavian Rasnita<(E-Mail Removed)> wrote:
>>> <snip>
>>>
>>> Would it be hard to introduce the possibility of adding encryption of the
>>> bytecode similar to what the Zend encoder does for PHP or Filter::Crypto for
>>> Perl?
>>>
>>> Octavian

>>
>> The iron law of cryptography: there is no cryptographic solution to a
>> problem in which the attacker and intended recipient are the same
>> person.
>>
>> Schemes like this are at most an annoyance to people willing to
>> reverse engineer your code.
>>
>> Geremy Condra

>
>
> I don't know how the Python bytecode works... how it is executed.
>
> I thought that Python parses the .py file and generates the bytecode that doesn't contain all the necessary information for re-creating the source code.
> (But that I agree, that might mean real compilation which is not the case...)
>
> Octavian
>

It's not hard to experiment with. I've written disassemblers for other
byte-code formats, but not for Python's. The following is pasted
together, so it may not be completely correct. But it's close.


Python 2.6.5 (r265:79063, Apr 16 2010, 13:09:56)
[GCC 4.4.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> def test(arg1, arg2):

.... if arg1 < 65:
.... print arg2
....
>>> import dis
>>> dis.dis(test)

2 0 LOAD_FAST 0 (arg1)
3 LOAD_CONST 1 (65)
6 COMPARE_OP 0 (<)
9 JUMP_IF_FALSE 9 (to 21)
12 POP_TOP

3 13 LOAD_FAST 1 (arg2)
16 PRINT_ITEM
17 PRINT_NEWLINE
18 JUMP_FORWARD 1 (to 22)
>> 21 POP_TOP
>> 22 LOAD_CONST 0 (None)

25 RETURN_VALUE
>>>


Now, there are tools which reverse that into something pretty similar to
python source. But you can see even from the built-in features that
lots of information is there. I'd assume that something very similar is
in the byte code files themselves.

DaveA

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
if instance variable get initialize after assigning some values or after constructor then when does static variable get initialize Tony Morris Java 3 02-04-2006 08:39 AM
.NET server becomes slow after several hours, go back normal after restarting IIS davidw ASP .Net 3 08-27-2004 06:25 PM
After adding Textboxes to calender control, how to get values after Postback? Andreas Klemt ASP .Net 0 02-01-2004 02:54 AM
Datalist selects Item after first click, but does apply the SelectedItemTemplate after the second click only Dirk Meusel ASP .Net 1 08-19-2003 09:56 AM



Advertisments