Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #5709

Re: obviscating python code for distribution

Path csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!selfless.tophat.at!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path <rosuav@gmail.com>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.060
X-Spam-Evidence '*H*': 0.88; '*S*': 0.00; 'wed,': 0.03; 'bits': 0.07; 'nasty': 0.07; 'server,': 0.12; 'am,': 0.14; 'binary': 0.14; 'wrote:': 0.14; 'subject:python': 0.14; 'developer': 0.15; 'angelico': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'hans': 0.16; 'hardest': 0.16; 'obscure': 0.16; 'subject:distribution': 0.16; 'header:In-Reply-To:1': 0.21; 'ignore': 0.21; 'thu,': 0.22; 'memory': 0.22; 'stuff': 0.22; 'assume': 0.23; 'trying': 0.23; 'received:209.85.210.174': 0.23; 'received:mail-iy0-f174.google.com': 0.23; 'subject:code': 0.23; '(or': 0.24; 'server.': 0.25; 'message-id:@mail.gmail.com': 0.28; 'server': 0.29; 'temporary': 0.29; 'code,': 0.29; 'fairly': 0.30; 'agreed.': 0.30; 'it.': 0.31; 'seem': 0.32; "can't": 0.32; 'someone': 0.33; 'to:addr:python-list': 0.33; 'things': 0.33; "i'll": 0.34; 'chris': 0.34; 'thinking': 0.34; 'that,': 0.34; 'there': 0.35; 'trigger': 0.35; 'test': 0.35; 'hold': 0.36; 'probably': 0.36; 'uses': 0.36; 'received:google.com': 0.37; 'received:209.85': 0.37; 'put': 0.37; 'think': 0.38; 'but': 0.38; 'subject:: ': 0.38; 'some': 0.38; 'should': 0.39; 'client': 0.39; 'received:209': 0.39; 'system.': 0.39; 'either': 0.39; 'to:addr:python.org': 0.39; 'basic': 0.40; 'getting': 0.40; 'absolute': 0.40; 'really': 0.40; 'happen': 0.60; 'worth': 0.60; 'your': 0.60; 'stop': 0.62; 'human': 0.62; 'secure': 0.63; 'bring': 0.64; 'enough,': 0.65; 'business': 0.70; 'traffic': 0.70; 'easily,': 0.73; 'low': 0.73; 'physical': 0.76; 'connection.': 0.77; '100%': 0.80; 'against,': 0.84; 'philosophy,': 0.84; 'rays': 0.84; 'burst': 0.91; 'defend': 0.91; 'attacks': 0.93
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=wZamr/Libh6t94yDUgQ+awo4svVMWoZr48tXF60Hc2Q=; b=whEE3nl1S2BmC/vlsuJ6B7U1GCAbpRu/sC1pv/iAQ7oLEbTNluMXIV4TMd6NzTBgvu RR5rX3CCsaC+8MSt6deihumNwv88uZo1rvxz6B2B7S8HxmzLs1SH+UHjljgZGkVrHZNZ hgzHBRnVUApRjTbnlIkb1eBPRFpqUmHPBh/n0=
DomainKey-Signature a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=H1UtHF9Czwi7VJTGOYlaiXViN4FpsTImipVqwprYaQdq1nZVRfqtSadT3B/rzZFs0K mKcsTml6MuDRs4BAIFTlDQn7yqqMlb/KLqSEf2Y8+lOswSGC/fEINvIoKHWzXTjfT9sS YO2630NGiSEZDWBcepHjSPycsj3fUX8tUReEU=
MIME-Version 1.0
In-Reply-To <BANLkTikm9+ordG3xudYTdmrce3vPcHnQ-A@mail.gmail.com>
References <4DD08620.4030507@tysdomain.com> <mailman.1611.1305512463.9059.python-list@python.org> <op.vvlipenoa8ncjz@gnudebst> <5h9ca8-ekq.ln1@svn.schaathun.net> <BANLkTikm9+ordG3xudYTdmrce3vPcHnQ-A@mail.gmail.com>
Date Thu, 19 May 2011 03:24:12 +1000
Subject Re: obviscating python code for distribution
From Chris Angelico <rosuav@gmail.com>
To python-list@python.org
Content-Type text/plain; charset=ISO-8859-1
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.12
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.1758.1305739455.9059.python-list@python.org> (permalink)
Lines 37
NNTP-Posting-Host 82.94.164.166
X-Trace 1305739455 news.xs4all.nl 49039 [::ffff:82.94.164.166]:50524
X-Complaints-To abuse@xs4all.nl
Xref x330-a1.tempe.blueboxinc.net comp.lang.python:5709

Show key headers only | View raw

On Thu, May 19, 2011 at 2:54 AM, geremy condra <debatem1@gmail.com> wrote:
> On Wed, May 18, 2011 at 12:36 AM, Hans Georg Schaathun <hg@schaathun.net> wrote:
>> But then, nothing is secure in any absolute sense.
>
> If you're talking security and not philosophy, there is such a thing
> as a secure system. As a developer you should aim for it.

Agreed. Things can be secure if you accept caveats. A good server
might be secure as long as attackers cannot, say:
* Get physical access to the server, remove the hard disk, and tamper with it
* Hold a gun to the developer and say "Log me in as root or you die"
* Trigger a burst of cosmic rays that toggle some bits in memory

If someone can do that, there's really not much you can do to stop
them. But you CAN make a system 100% secure against network-based
attacks.

Denial of service attacks are the hardest to truly defend against, and
if your level of business is low enough, you can probably ignore them
in your code, and deal with them by human ("Hmm, we seem to be getting
ridiculous amounts of traffic from XX.YY.ZZ.*, I think I'll put a
temporary ban on that /24"). Although some really nasty DOSes can be
blocked fairly easily, so it's worth thinking about them.

But mainly: Don't panic about the really really obscure attack
possibilities, the ones that would only happen if someone with a lot
of resources is trying to bring you down. Just deal with the obvious
stuff - make sure your server cannot be compromised via a standard
network connection.

Test your server by connecting with a basic TELNET client (or a
hacked-up client, if it uses a binary protocol). Test your client by
connecting it to a hacked-up server. Make sure you can't muck up
either of them. Assume that any attacker will know every detail about
your comms protocol, because chances are he will know most of it.

Chris Angelico

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Re: obviscating python code for distribution Daniel Kluev <dan.kluev@gmail.com> - 2011-05-16 13:21 +1100
  Re: obviscating python code for distribution "Rhodri James" <rhodri@wildebst.demon.co.uk> - 2011-05-16 23:42 +0100
    Re: obviscating python code for distribution Hans Georg Schaathun <hg@schaathun.net> - 2011-05-18 08:36 +0100
      Re: obviscating python code for distribution Dotan Cohen <dotancohen@gmail.com> - 2011-05-18 17:42 +0300
      Re: obviscating python code for distribution geremy condra <debatem1@gmail.com> - 2011-05-18 09:54 -0700
        Re: obviscating python code for distribution Hans Georg Schaathun <hg@schaathun.net> - 2011-05-18 18:33 +0100
          Re: obviscating python code for distribution geremy condra <debatem1@gmail.com> - 2011-05-18 12:07 -0700
            Re: obviscating python code for distribution Hans Georg Schaathun <hg@schaathun.net> - 2011-05-18 20:56 +0100
              Re: obviscating python code for distribution geremy condra <debatem1@gmail.com> - 2011-05-18 14:34 -0700
                Re: obviscating python code for distribution Hans Georg Schaathun <hg@schaathun.net> - 2011-05-19 06:21 +0100
                Re: obviscating python code for distribution Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2011-05-19 08:47 +0000
                Re: obviscating python code for distribution Hans Georg Schaathun <hg@schaathun.net> - 2011-05-19 10:16 +0100
                Re: obviscating python code for distribution geremy condra <debatem1@gmail.com> - 2011-05-19 10:23 -0700
                Re: obviscating python code for distribution Hans Georg Schaathun <hg@schaathun.net> - 2011-05-19 19:23 +0100
                Re: obviscating python code for distribution geremy condra <debatem1@gmail.com> - 2011-05-19 17:56 -0700
                Re: obviscating python code for distribution Hans Georg Schaathun <hg@schaathun.net> - 2011-05-20 05:48 +0100
                Re: obviscating python code for distribution Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2011-05-20 07:04 +0000
                Re: obviscating python code for distribution Hans Georg Schaathun <hg@schaathun.net> - 2011-05-20 09:54 +0100
                Re: obviscating python code for distribution harrismh777 <harrismh777@charter.net> - 2011-05-20 15:24 -0500
                Re: obviscating python code for distribution geremy condra <debatem1@gmail.com> - 2011-05-20 15:45 -0700
                Re: obviscating python code for distribution Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2011-05-21 00:54 +0000
                Re: obviscating python code for distribution harrismh777 <harrismh777@charter.net> - 2011-05-20 23:26 -0500
                Re: obviscating python code for distribution Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2011-05-20 07:10 +0000
                Re: obviscating python code for distribution geremy condra <debatem1@gmail.com> - 2011-05-20 09:26 -0700
                Re: obviscating python code for distribution Nobody <nobody@nowhere.com> - 2011-05-20 18:48 +0100
                Re: obviscating python code for distribution Chris Angelico <rosuav@gmail.com> - 2011-05-20 11:33 +1000
                Re: obviscating python code for distribution geremy condra <debatem1@gmail.com> - 2011-05-19 19:30 -0700
                Re: obviscating python code for distribution Chris Angelico <rosuav@gmail.com> - 2011-05-20 12:35 +1000
      Re: obviscating python code for distribution Chris Angelico <rosuav@gmail.com> - 2011-05-19 03:24 +1000
        Re: obviscating python code for distribution John Bokma <john@castleamber.com> - 2011-05-18 12:31 -0500
          Re: obviscating python code for distribution Chris Angelico <rosuav@gmail.com> - 2011-05-19 03:52 +1000
      Re: obviscating python code for distribution geremy condra <debatem1@gmail.com> - 2011-05-18 10:40 -0700
      Re: obviscating python code for distribution Chris Angelico <rosuav@gmail.com> - 2011-05-19 04:07 +1000
      Re: obviscating python code for distribution "Littlefield, Tyler" <tyler@tysdomain.com> - 2011-05-18 12:26 -0600
        Re: obviscating python code for distribution harrismh777 <harrismh777@charter.net> - 2011-05-18 21:54 -0500
          Re: obviscating python code for distribution geremy condra <debatem1@gmail.com> - 2011-05-19 10:50 -0700
            Re: obviscating python code for distribution harrismh777 <harrismh777@charter.net> - 2011-05-20 01:17 -0500
      Re: obviscating python code for distribution Dotan Cohen <dotancohen@gmail.com> - 2011-05-18 21:30 +0300
      Re: obviscating python code for distribution Dotan Cohen <dotancohen@gmail.com> - 2011-05-18 21:31 +0300
      Re: obviscating python code for distribution Chris Angelico <rosuav@gmail.com> - 2011-05-19 04:37 +1000
      Re: obviscating python code for distribution Chris Angelico <rosuav@gmail.com> - 2011-05-19 04:49 +1000
      Re: obviscating python code for distribution geremy condra <debatem1@gmail.com> - 2011-05-18 14:47 -0700

csiph-web