Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!feeder.news-service.com!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.015
X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; 'instance,': 0.05; 'bits': 0.07; "it'd": 0.09; 'server,': 0.12; 'am,': 0.14; 'received:209.85.214.174': 0.14; 'received:mail- iw0-f174.google.com': 0.14; 'wrote:': 0.14; 'subject:python': 0.14; 'developer': 0.15; '1e50': 0.16; 'angelico': 0.16; 'breach': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'goal.': 0.16; 'impose': 0.16; 'protections': 0.16; 'subject:distribution': 0.16; 'discussion': 0.19; 'header:In- Reply-To:1': 0.21; 'seems': 0.21; 'thu,': 0.22; 'memory': 0.22; 'happen.': 0.23; 'personally,': 0.23; 'subject:code': 0.23; 'message-id:@mail.gmail.com': 0.28; 'received:209.85.214': 0.28; 'server': 0.29; '(even': 0.29; 'forgot': 0.29; 'agreed.': 0.30; 'google': 0.31; 'to:addr:python-list': 0.33; 'generally': 0.33; '(for': 0.33; 'things': 0.33; 'chris': 0.34; 'however,': 0.34; 'dns': 0.35; 'trigger': 0.35; 'hold': 0.36; 'none': 0.37; 'running': 0.37; 'received:google.com': 0.37; 'received:209.85': 0.37; 'extremely': 0.37; 'think': 0.38; 'docs': 0.38; 'subject:: ': 0.38; 'some': 0.38; 'comments': 0.39; 'unless': 0.39; 'received:209': 0.39; 'to:addr:python.org': 0.39; 'basic': 0.40; 'software': 0.40; 'really': 0.40; 'worth': 0.60; 'best': 0.60; 'john': 0.62; 'secure': 0.63; 'ever': 0.64; 'risk': 0.75; 'physical': 0.76; 'deliberate': 0.84; "doesn't,": 0.84; 'game,': 0.84; 'rays': 0.84; 'worthwhile.': 0.84; 'burst': 0.91
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=6HV+zSA+t18ybtnlLbhoarK0wVcSpisep2J7mFBV8vs=; b=DhnQIW3JtdUPofm3ND7NZUj+cnSgJT04bQ2DWiPdopKbbZ18Cf/mb/hNSmUTtad40v oeAbPjbC0Omgmn5ZX/fqob9bdbWV8dnFDiwPV3bplbXgdLvaWyEjJfr2uxHiQckwK17P Rer36FWpUnPQM9TihurcWarzBqbYzbu6LEvVY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=oJx1nhXUySA5bN6vv8I0mHOx3qYSociv8FSKwmgQzF7M1SVquEpmH4x7z1PYHrZ0P4 22RYSa+hzCDVzjxEf3uXsxJY2prBu5xmvpz/AKo8u00+GFbMdmgzkT2XSkGyt5ZN2B2l G/VEIn57C4oMKMGOT9eq3ylxrnBe7GzzUkUMk=
MIME-Version: 1.0
In-Reply-To: <87mxijzzht.fsf@castleamber.com>
References: <4DD08620.4030507@tysdomain.com> <mailman.1611.1305512463.9059.python-list@python.org> <op.vvlipenoa8ncjz@gnudebst> <5h9ca8-ekq.ln1@svn.schaathun.net> <BANLkTikm9+ordG3xudYTdmrce3vPcHnQ-A@mail.gmail.com> <mailman.1758.1305739455.9059.python-list@python.org> <87mxijzzht.fsf@castleamber.com>
Date: Thu, 19 May 2011 03:52:16 +1000
Subject: Re: obviscating python code for distribution
From: Chris Angelico <rosuav@gmail.com>
To: python-list@python.org
Content-Type: text/plain; charset=ISO-8859-1
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.1760.1305741141.9059.python-list@python.org>
Lines: 30
NNTP-Posting-Host: 82.94.164.166
X-Trace: 1305741141 news.xs4all.nl 49174 [::ffff:82.94.164.166]:48047
X-Complaints-To: abuse@xs4all.nl
Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:5713

On Thu, May 19, 2011 at 3:31 AM, John Bokma <john@castleamber.com> wrote:
>> Agreed. Things can be secure if you accept caveats. A good server
>> might be secure as long as attackers cannot, say:
>> * Get physical access to the server, remove the hard disk, and tamper with it
>> * Hold a gun to the developer and say "Log me in as root or you die"
>> * Trigger a burst of cosmic rays that toggle some bits in memory
>
> You forgot the most important one:
>
> * if none of the software running on it has exploitable issues

That's not a caveat. That's a purposeful and deliberate goal. And far
from impossible.

> Personally, I think it's best to understand that no server is ever
> secure and hence one must always be prepared that a breach can happen.

You need to balance the risk of a breach against the effort it'd take
to prevent. See my comments re DOS attacks; it's not generally worth
being preemptive with those, unless you're at a way higher transaction
level than this discussion is about (for those who came in late, it's
a basic network game, and not Google Docs or the DNS root servers or
something). If it's going to impose 500ms latency on all packets just
to prevent the one chance in 1E50 that you get some particular attack,
then it's really not worthwhile. However, it IS possible to ensure
that the server doesn't, for instance, trust the client; those
extremely basic protections are well worth the effort (even if it
seems like a lot of effort).

Chris Angelico