Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!eternal-september.org!feeder.eternal-september.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed4a.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.026 X-Spam-Evidence: '*H*': 0.95; '*S*': 0.00; 'argument': 0.05; 'definition,': 0.09; 'sure,': 0.09; 'warn': 0.09; 'cc:addr:python- list': 0.11; '*only*': 0.16; 'circumvent': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'subject:python': 0.16; 'wrote:': 0.18; 'code.': 0.18; 'variable': 0.18; 'usability': 0.19; 'cc:addr:python.org': 0.22; 'helpful': 0.24; '(or': 0.24; 'cc:2**0': 0.24; 'possibly': 0.26; 'header:In- Reply-To:1': 0.27; "doesn't": 0.30; 'message-id:@mail.gmail.com': 0.30; 'code': 0.31; 'comments,': 0.31; 'hacker': 0.31; 'probably': 0.32; 'figure': 0.32; 'run': 0.32; 'another': 0.32; 'fri,': 0.33; 'could': 0.34; "can't": 0.35; 'something': 0.35; 'anybody': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'should': 0.36; 'easily': 0.37; 'step': 0.37; 'product.': 0.38; 'pm,': 0.38; 'extremely': 0.39; 'users': 0.40; 'browser': 0.61; 'our': 0.64; 'nobody': 0.68; 'overall': 0.69; 'further,': 0.74; '4:00': 0.84; 'off,': 0.84; 'rip': 0.84; 'to:none': 0.92 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=t6ZofqPd9P5qe4onaAe+crYKGQDcqsxCNGLytYIgaBE=; b=HFGQZ+ddClIfcB3Fm6shpzLSE2aW11P/Qu2kAQafcMNRgX7UmmGlFD6gKJGi0I12rC nfH6aKAR2G/yoHG7E7/o1lUZeSVPmEwMDqHCqeeHpQcuis9pgkKrC+7F5sThEa58uddM MJzYJ3ExpbdSiT7HrD+pCiSIMR+FIFldVe+RpJeyea3HXdtNPDvBD8tt4MvnvQPk4fyQ dyFvXcSPVy8inEd9sGEqpbp8WlEd6jkzFGEN2mcZKPVqyoycDwYwKerNxHxl9C2Bf/5h Oy+KsWZAh8l6olaypQaC1OZH84lDmws1XmQ077wpdbbvx0ipdT9Y1pgNLB9MYkjtpSB1 1oTg== MIME-Version: 1.0 X-Received: by 10.68.213.74 with SMTP id nq10mr5020431pbc.153.1397196628774; Thu, 10 Apr 2014 23:10:28 -0700 (PDT) In-Reply-To: References: Date: Fri, 11 Apr 2014 16:10:28 +1000 Subject: Re: python obfuscate From: Chris Angelico Cc: python-list Content-Type: text/plain; charset=UTF-8 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 21 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1397196638 news.xs4all.nl 2885 [2001:888:2000:d::a6]:50733 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:70104 On Fri, Apr 11, 2014 at 4:00 PM, Joshua Landau wrote: > But I do warn that it's adding another abstracting step that > doesn't improve - it probably harms - the overall usability of the > product. Further, a determined hacker can circumvent it, much as they > can circumvent everything else. I had this argument with my boss at work about obfuscating our JavaScript code. He said that he was extremely concerned that nobody should be able to rip off all his code; I said that anybody could still rip it off, just by using the code exactly the way the browser would. The *ONLY* advantage you can possibly get from an obfuscation system is that your users can't easily figure out what's going on internally; they can still, by definition, run the program unchanged. If you run obfuscated code through a prettifier (or a decompiler and then a prettifier, as the case may be), you end up with something that's practically indistinguishable from poorly-commented code. Sure, it's not as nice to work with as something with helpful variable names and comments, but it's far from impossible. ChrisA