Path: csiph.com!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder1.enfer-du-nord.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.018 X-Spam-Evidence: '*H*': 0.96; '*S*': 0.00; 'true,': 0.04; 'subject:Python': 0.05; 'bits': 0.07; 'distributing': 0.07; 'subject:code': 0.07; 'python': 0.09; 'sep': 0.09; 'portion': 0.13; 'language': 0.14; 'file,': 0.15; 'server,': 0.15; 'bytecode': 0.16; 'encryption': 0.16; 'jerry': 0.16; 'whatever,': 0.16; 'wrote:': 0.17; 'hack': 0.18; 'written': 0.20; 'trying': 0.21; 'java': 0.21; 'keys': 0.22; 'machine': 0.24; 'pass': 0.25; 'header:In-Reply-To:1': 0.25; 'am,': 0.27; 'in.': 0.27; 'message- id:@mail.gmail.com': 0.27; 'fri,': 0.30; 'code': 0.31; 'received:209.85.160.46': 0.32; 'running': 0.32; 'anyone': 0.33; 'to:addr:python-list': 0.33; 'received:google.com': 0.34; 'done': 0.34; 'subject:?': 0.35; 'received:209.85': 0.35; 'but': 0.36; 'client': 0.36; 'does': 0.37; 'why': 0.37; 'received:209': 0.37; 'subject:: ': 0.38; 'easier': 0.38; 'to:addr:python.org': 0.39; 'header:Received:5': 0.40; 'your': 0.60; 'easy': 0.60; 'matter': 0.61; 'service.': 0.61; 'back': 0.62; 'relatively': 0.62; 'ever': 0.63; 'account': 0.67; 'protect': 0.69; 'money': 0.74; 'yourself': 0.77; 'bank': 0.77; 'subject:source': 0.84; 'transfer,': 0.84; 'typically,': 0.84; 'secrets': 0.95; 'hands': 0.97 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=LvUJYNj1e/BR++muNv81kO584Foj8yYbmpGTHQskCHc=; b=RWDGZVAxXRHM7Vh+VEfcIxE79UMqVoqgi10lGukDWCwXq5RAnaQxpQa/pc402pHKX9 4vP1yhWv5s9RB9PJv2EFt85g3wpSeoe73LScMwJ6ju2BvQsxmIwdbpvLxf/kamUQMaF1 rUJFmvtjt2aDxZpKhX/P/MMKsBAJrbkv+deNw37/XYMWsp6U8A6WHfsIrMdZ5uDAzzIc 311taG5lqWR7xBFRU8VXH2ZfpRKIMoc+ecm8IX8BtgMmT11/c+TtqKN8sOqfe6zyafE7 J+8752x6pcvvXe1MB0U1fjYRD4iKgyeFgnavqcYFeFSjSPFdHHyNhggkCSVLygA1IaT7 eqJg== MIME-Version: 1.0 In-Reply-To: References: <0023d73b-00f6-4d82-b68b-eb28f4587ab1@googlegroups.com> Date: Fri, 28 Sep 2012 10:38:00 -0400 Subject: Re: Python source code easy to hack? From: Jerry Hill To: python-list@python.org Content-Type: text/plain; charset=UTF-8 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 21 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1348843084 news.xs4all.nl 6982 [2001:888:2000:d::a6]:60732 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:30392 On Fri, Sep 28, 2012 at 10:18 AM, wrote: > Python bytecode is not easier to hack than Java or .NET bytecodes. This is true, but both java and .net are also relatively easy to decompile. In general though, why does it matter? What are you trying to protect yourself against? If you're including secrets in your code like encryption keys or bank account numbers, there's no way to keep them out of the hands of a determined attacker that has access to your file, no matter what language it may be written in. If you must keep anyone from ever seeing how your code works, the only way to do that is to keep all the sensitive bits running on a machine that you control. Typically, you would do that by distributing a client portion of your application, and also running a web service. Then you can have your client connect to the web service, request that the sensitive calculations, or money transfer, or whatever, be done on the server, and just pass back the results. -- Jerry