Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!feeder.news-service.com!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.017 X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; 'wed,': 0.03; 'app,': 0.07; 'am,': 0.14; 'wrote:': 0.14; 'subject:python': 0.14; 'subject:distribution': 0.16; 'cc:addr:python-list': 0.17; 'accessible': 0.19; 'this?': 0.19; 'header:In-Reply-To:1': 0.21; 'cc:2**0': 0.22; 'cc:no real name:2**0': 0.23; 'received:209.85.210.174': 0.23; 'received:mail- iy0-f174.google.com': 0.23; 'subject:code': 0.23; 'fix': 0.23; 'saying': 0.26; 'message-id:@mail.gmail.com': 0.28; 'thanks': 0.28; 'server': 0.29; 'forgot': 0.29; 'cc:addr:python.org': 0.30; 'this.': 0.31; "can't": 0.32; 'done': 0.32; 'someone': 0.33; 'break': 0.33; 'things': 0.33; 'direction': 0.34; 'received:google.com': 0.37; 'received:209.85': 0.37; 'security.': 0.37; 'techniques,': 0.37; 'pretty': 0.37; 'think': 0.38; 'but': 0.38; 'subject:: ': 0.38; 'some': 0.38; 'should': 0.39; 'received:209': 0.39; 'everyone': 0.40; 'more': 0.60; 'kind': 0.60; 'secure': 0.63; '11:26': 0.84 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=rx+xY7eD+C5HFkP4TdQ2stU5kc3QSvaNh3vtAuMyL6I=; b=Th5SJDBOzafw/cPxc1PTRk03L6lne3y67SmWrmNkJAqkHW5rZrWu7xk2DK4lwHrL8I 74/3erqPhaPEXmN/eAhoKwVXmnmjo/ht/rqF1XlFrBwswmXeL1ySIG6iFyCII02gy3hX rOubnKwzwtBPsIQOUVKDAz+Sl5yRWzouRdqLc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=M+ugoLTyvV/Hw69q3IE78umiFe9mtYKt6QEvHmCOBHBwheivAEIQfz5siParkW4Wao 0rtEGpiiz95irZ4k+vVHH8EU8dUSU1IXWm6rxdMIEhJT7IisyEuUbkvy0AjfwSEjL3CN dPjEwgY2vH4yGkIzJmvI98N11lg2Eg9eLv4Fs= MIME-Version: 1.0 In-Reply-To: <4DD40F65.7090807@tysdomain.com> References: <4DD08620.4030507@tysdomain.com> <5h9ca8-ekq.ln1@svn.schaathun.net> <4DD40F65.7090807@tysdomain.com> Date: Wed, 18 May 2011 14:47:52 -0700 Subject: Re: obviscating python code for distribution From: geremy condra To: tyler@tysdomain.com Content-Type: text/plain; charset=ISO-8859-1 Cc: python-list@python.org X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 18 NNTP-Posting-Host: 82.94.164.166 X-Trace: 1305755275 news.xs4all.nl 49045 [::ffff:82.94.164.166]:35495 X-Complaints-To: abuse@xs4all.nl Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:5745 On Wed, May 18, 2011 at 11:26 AM, Littlefield, Tyler wrote: >>might be secure as long as attackers cannot, say: > You forgot UFOs. > Anyway, again, thanks to everyone for the advice, this is good reading. > Incidentally, I don't know to much about security. I know about rate > limiting and dos attacks, as well as some others, but I think there's a lot > more that I don't know--can someone kind of aim me in the right direction > for some of this? I want to be able to take techniques, break my server and > then fix it so that can't be done before I head to public with this. One good thing to do is to just read some of the black hat papers. They're pretty accessible and even if you don't know everything they're saying you should be able to get a general feel for things that way. You might also try working through things like Damn Vulnerable Web App, if you have the time. Geremy Condra