Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #96621 > unrolled thread

Pyarmor, guard your python scripts

Back to article view | Back to comp.lang.python

Contents

  Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-15 02:21 -0700
    Re: Pyarmor, guard your python scripts Ben Finney <ben+python@benfinney.id.au> - 2015-09-15 19:36 +1000
      Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 18:58 -0700
        Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-18 12:05 +1000
          Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 19:51 -0700
        Re: Pyarmor, guard your python scripts Ben Finney <ben+python@benfinney.id.au> - 2015-09-18 12:27 +1000
          Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 19:59 -0700
            Re: Pyarmor, guard your python scripts Ben Finney <ben+python@benfinney.id.au> - 2015-09-18 13:06 +1000
              Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 22:55 -0700
                Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-18 17:27 +1000
                  Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-18 01:05 -0700
                    Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-18 18:16 +1000
                Re: Pyarmor, guard your python scripts sohcahtoa82@gmail.com - 2015-10-05 12:44 -0700
    Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-15 19:48 +1000
      Re: Pyarmor, guard your python scripts Grant Edwards <invalid@invalid.invalid> - 2015-09-15 13:16 +0000
        Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-15 23:29 +1000
          Re: Pyarmor, guard your python scripts Grant Edwards <invalid@invalid.invalid> - 2015-09-15 16:20 +0000
            Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-16 02:29 +1000
              Re: Pyarmor, guard your python scripts Grant Edwards <invalid@invalid.invalid> - 2015-09-15 16:40 +0000
                Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-16 02:59 +1000
      Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 19:40 -0700
        Re: Pyarmor, guard your python scripts Chris Angelico <rosuav@gmail.com> - 2015-09-18 15:01 +1000
          Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-17 22:38 -0700
            Re: Pyarmor, guard your python scripts alister <alister.nospam.ware@ntlworld.com> - 2015-09-18 08:08 +0000
              Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-18 01:31 -0700
                Re: Pyarmor, guard your python scripts alister <alister.nospam.ware@ntlworld.com> - 2015-09-18 10:06 +0000
                  Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-18 04:41 -0700
                    Re: Pyarmor, guard your python scripts Ben Finney <ben+python@benfinney.id.au> - 2015-09-18 21:52 +1000
                    Re: Pyarmor, guard your python scripts Lorenzo Sutton <lorenzofsutton@gmail.com> - 2015-09-18 15:07 +0200
                      Re: Pyarmor, guard your python scripts Jondy Zhao <jondy.zhao@gmail.com> - 2015-09-18 06:57 -0700
                        Re: Pyarmor, guard your python scripts Josef Pktd <josef.pktd@gmail.com> - 2015-10-05 08:55 -0700
                          Re: Pyarmor, guard your python scripts Ben Finney <ben+python@benfinney.id.au> - 2015-10-06 09:25 +1100
                          Re: Pyarmor, guard your python scripts Josef Pktd <josef.pktd@gmail.com> - 2015-10-06 07:35 -0700

Page 1 of 2  [1] 2  Next page →

#96621 — Pyarmor, guard your python scripts

Pyarmor is a simple to use tool which is capable of importing or running encrypted Python script files. Moreover, it can apply encoding algorithms to your Python scripts, in order to help you protect them before you can distribute them. You may also generate license files with custom validity conditions.

Python protector application

Pyarmor is dedicated to users who create their applications, components, scripts or any file with the help of the Python programming language. You may use this application to encrypt the files, in order to protect their content and your intellectual property, by encoding the scripts.

Pyarmor uses two alternative methods of applying protection: converting the Python script file to an encrypted type of item, with the .PYX extension. Otherwise, you may add specific files to the script and distribute it as a package: the program can create and attach license files, with various validity terms.

Change the shape, not the content

While Pyarmor can modify the package in which the Python script is distributed, it hardly applies any modifications to the script itself. In fact, the program is not a script editor and does not allow you to make changes within the files.

The program allows you to encrypt files, but to also open and run them as if no protection was applied. Moreover, it can run or import encrypted Python scripts in any target machine, only in specified machines or before a specified date. This aspect can be controlled by the creation of the license files: bound to a hard disk serial number or by an expiration date.

Simple to use application

Pyarmor comes as a wizard, which can guide you through all the steps of the process, for your convenience. The steps are not restricted by certain requirements, so you may easily skip either of them and customize the process. Moreover, the program allows you to save the files at any location on your computer.

For more information, search pyarmor in pypi.

[toc] | [next] | [standalone]

#96623

Jondy Zhao <jondy.zhao@gmail.com> writes:

> Pyarmor is a simple to use tool which is capable of importing or
> running encrypted Python script files. Moreover, it can apply encoding
> algorithms to your Python scripts, in order to help you protect them
> before you can distribute them. You may also generate license files
> with custom validity conditions.

Protect them from whom? What is the threat model against which Pyarmor
is claimed to protect? Who is the attacker, who is being protected?

> The program allows you to encrypt files, but to also open and run them
> as if no protection was applied. Moreover, it can run or import
> encrypted Python scripts in any target machine, only in specified
> machines or before a specified date. This aspect can be controlled by
> the creation of the license files: bound to a hard disk serial number
> or by an expiration date.

So a Python file encrypted this way will be arbitrarily restricted in
how it can be inspected for debugging, performance monitoring, and
testing?

This seems to explicitly treat the user of the Python software as a
hostile attacker. That is not a friendly or respectful position, and I
hope I misunderstand Pyarmor's operation.

-- 
 \       “Any fool can write code that a computer can understand. Good |
  `\       programmers write code that humans can understand.” —Martin |
_o__)                                      Fowler, _Refactoring_, 2000 |
Ben Finney

[toc] | [prev] | [next] | [standalone]

#96791

On Tuesday, September 15, 2015 at 5:36:52 PM UTC+8, Ben Finney wrote:
> Jondy Zhao <jondy.zhao@gmail.com> writes:
> 
> > Pyarmor is a simple to use tool which is capable of importing or
> > running encrypted Python script files. Moreover, it can apply encoding
> > algorithms to your Python scripts, in order to help you protect them
> > before you can distribute them. You may also generate license files
> > with custom validity conditions.
> 
> Protect them from whom? What is the threat model against which Pyarmor
> is claimed to protect? Who is the attacker, who is being protected?
> 
> > The program allows you to encrypt files, but to also open and run them
> > as if no protection was applied. Moreover, it can run or import
> > encrypted Python scripts in any target machine, only in specified
> > machines or before a specified date. This aspect can be controlled by
> > the creation of the license files: bound to a hard disk serial number
> > or by an expiration date.
> 
> So a Python file encrypted this way will be arbitrarily restricted in
> how it can be inspected for debugging, performance monitoring, and
> testing?
> 
> This seems to explicitly treat the user of the Python software as a
> hostile attacker. That is not a friendly or respectful position, and I
> hope I misunderstand Pyarmor's operation.
> 
> -- 
>  \       "Any fool can write code that a computer can understand. Good |
>   `\       programmers write code that humans can understand." --Martin |
> _o__)                                      Fowler, _Refactoring_, 2000 |
> Ben Finney

Think that python developer is manufacturer, and he want to sell his product to the customers who don't know anything about programming. He don't hope his customers redistribute his product, that's protected by Pyarmor.

[toc] | [prev] | [next] | [standalone]

#96793

On Fri, Sep 18, 2015 at 11:58 AM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
> Think that python developer is manufacturer, and he want to sell his product to the customers who don't know anything about programming. He don't hope his customers redistribute his product, that's protected by Pyarmor.
>

The trouble with that thinking is that they _can_ redistribute his
product. In fact, PyArmor isn't going to do anything about that. It
might make it harder for them to reverse engineer that product, but it
does nothing whatsoever for redistribution.

ChrisA

[toc] | [prev] | [next] | [standalone]

#96796

On Friday, September 18, 2015 at 10:06:30 AM UTC+8, Chris Angelico wrote:
> On Fri, Sep 18, 2015 at 11:58 AM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
> > Think that python developer is manufacturer, and he want to sell his product to the customers who don't know anything about programming. He don't hope his customers redistribute his product, that's protected by Pyarmor.
> >
> 
> The trouble with that thinking is that they _can_ redistribute his
> product. In fact, PyArmor isn't going to do anything about that. It
> might make it harder for them to reverse engineer that product, but it
> does nothing whatsoever for redistribution.
> 
> ChrisA

The encrypted scripts could be distributed to bind to hard disk of computer, so the customers could not simplely copy them to somewhere else. Except they could reverse all the bytecodes, and pyarmor does make it harder to reverse bytecode to source. 

[toc] | [prev] | [next] | [standalone]

#96794

Jondy Zhao <jondy.zhao@gmail.com> writes:

> Think that python developer is manufacturer, and he want to sell his
> product to the customers who don't know anything about programming.

Are you also assuming those customers have no-one they can talk with who
knows programming?

> He don't hope his customers redistribute his product, that's protected
> by Pyarmor.

Pyarmor is not going to stop them redistributing anything. If they're
motivated to redistribute the code, this won't stop them. If they're
motivated to examine what the code does, this will increase the effort
but not stop them.

At best, it will annoy customers who want to get someone's help in
debugging the product. That sounds like an anti-feature.

-- 
 \     “This world in arms is not spending money alone. It is spending |
  `\      the sweat of its laborers, the genius of its scientists, the |
_o__)           hopes of its children.” —Dwight Eisenhower, 1953-04-16 |
Ben Finney

[toc] | [prev] | [next] | [standalone]

#96797

On Friday, September 18, 2015 at 10:27:35 AM UTC+8, Ben Finney wrote:
> Jondy Zhao <jondy.zhao@gmail.com> writes:
> 
> > Think that python developer is manufacturer, and he want to sell his
> > product to the customers who don't know anything about programming.
> 
> Are you also assuming those customers have no-one they can talk with who
> knows programming?
> 
> > He don't hope his customers redistribute his product, that's protected
> > by Pyarmor.
> 
> Pyarmor is not going to stop them redistributing anything. If they're
> motivated to redistribute the code, this won't stop them. If they're
> motivated to examine what the code does, this will increase the effort
> but not stop them.
> 
> At best, it will annoy customers who want to get someone's help in
> debugging the product. That sounds like an anti-feature.
> 
> -- 
>  \     "This world in arms is not spending money alone. It is spending |
>   `\      the sweat of its laborers, the genius of its scientists, the |
> _o__)           hopes of its children." --Dwight Eisenhower, 1953-04-16 |
> Ben Finney

For example, I develop a game by python. What I want to do is that the player or the agent could not simply copy the game to others. For the player or the agent, they needn't research the game. That's cases concerned by PyArmor.

[toc] | [prev] | [next] | [standalone]

#96798

Jondy Zhao <jondy.zhao@gmail.com> writes:

> For example, I develop a game by python. What I want to do is that the
> player or the agent could not simply copy the game to others. For the
> player or the agent, they needn't research the game.

Deciding for the customer what they may not do, on their own computer,
is quite hostile. Please don't enable such restrictions.

-- 
 \       “We must find our way to a time when faith, without evidence, |
  `\    disgraces anyone who would claim it.” —Sam Harris, _The End of |
_o__)                                                     Faith_, 2004 |
Ben Finney

[toc] | [prev] | [next] | [standalone]

#96801

On Friday, September 18, 2015 at 11:06:25 AM UTC+8, Ben Finney wrote:
> Jondy Zhao <jondy.zhao@gmail.com> writes:
> 
> > For example, I develop a game by python. What I want to do is that the
> > player or the agent could not simply copy the game to others. For the
> > player or the agent, they needn't research the game.
> 
> Deciding for the customer what they may not do, on their own computer,
> is quite hostile. Please don't enable such restrictions.
> 

This is only one possible way to distribute encrypted scripts. As I thought the user of Pyarmor would be the producer of commercial software, so they could bind their license file to netcard, harddisk, cpu, etc.

> -- 
>  \       "We must find our way to a time when faith, without evidence, |
>   `\    disgraces anyone who would claim it." --Sam Harris, _The End of |
> _o__)                                                     Faith_, 2004 |
> Ben Finney

[toc] | [prev] | [next] | [standalone]

#96806

On Fri, Sep 18, 2015 at 3:55 PM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
> On Friday, September 18, 2015 at 11:06:25 AM UTC+8, Ben Finney wrote:
>> Jondy Zhao <jondy.zhao@gmail.com> writes:
>>
>> > For example, I develop a game by python. What I want to do is that the
>> > player or the agent could not simply copy the game to others. For the
>> > player or the agent, they needn't research the game.
>>
>> Deciding for the customer what they may not do, on their own computer,
>> is quite hostile. Please don't enable such restrictions.
>>
>
> This is only one possible way to distribute encrypted scripts. As I thought the user of Pyarmor would be the producer of commercial software, so they could bind their license file to netcard, harddisk, cpu, etc.
>

Great. Please put a big warning notice on your application:

ATTENTION ALL USERS
The author of this program believes that he controls your usage of it,
to the extent that a legitimately-purchased copy will refuse to run if
you upgrade your computer's hardware.
It is therefore recommended that you pirate this program as per XKCD 488.
If you don't like this, don't use the program.


At least then you'll be being honest.

ChrisA

[toc] | [prev] | [next] | [standalone]

#96807

On Friday, September 18, 2015 at 3:27:28 PM UTC+8, Chris Angelico wrote:
> On Fri, Sep 18, 2015 at 3:55 PM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
> > On Friday, September 18, 2015 at 11:06:25 AM UTC+8, Ben Finney wrote:
> >> Jondy Zhao <jondy.zhao@gmail.com> writes:
> >>
> >> > For example, I develop a game by python. What I want to do is that the
> >> > player or the agent could not simply copy the game to others. For the
> >> > player or the agent, they needn't research the game.
> >>
> >> Deciding for the customer what they may not do, on their own computer,
> >> is quite hostile. Please don't enable such restrictions.
> >>
> >
> > This is only one possible way to distribute encrypted scripts. As I thought the user of Pyarmor would be the producer of commercial software, so they could bind their license file to netcard, harddisk, cpu, etc.
> >
> 
> Great. Please put a big warning notice on your application:
> 
> ATTENTION ALL USERS
> The author of this program believes that he controls your usage of it,
> to the extent that a legitimately-purchased copy will refuse to run if
> you upgrade your computer's hardware.
> It is therefore recommended that you pirate this program as per XKCD 488.
> If you don't like this, don't use the program.
> 
> 
> At least then you'll be being honest.
> 

I know you hate it. But I have purchased some commercial software in this way before, a tool named ERWIN used to create relation database. The license I got from software provider is bind to the network card of my PC. I can't use this tool in any other machine. This is true case.

The world is wide, maybe it's better to be tolerant of all things.

> ChrisA

[toc] | [prev] | [next] | [standalone]

#96809

On Fri, Sep 18, 2015 at 6:05 PM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
> I know you hate it. But I have purchased some commercial software in this way before, a tool named ERWIN used to create relation database. The license I got from software provider is bind to the network card of my PC. I can't use this tool in any other machine. This is true case.
>
> The world is wide, maybe it's better to be tolerant of all things.

Tolerant, perhaps - but that doesn't mean we encourage it. So, first
and foremost, I *will not* code anything that encourages people to do
this. And secondly, I generally will not buy anything that uses any
form of DRM. (There are a *very* few exceptions.) Frankly, I'd prefer
to pirate something and then make a donation to the author than buy it
with DRM.

So. no. No matter how wide the world is, I *WILL NOT* encourage the
use of this software.

ChrisA

[toc] | [prev] | [next] | [standalone]

#97423

On Thursday, September 17, 2015 at 10:55:19 PM UTC-7, Jondy Zhao wrote:
> On Friday, September 18, 2015 at 11:06:25 AM UTC+8, Ben Finney wrote:
> > Jondy Zhao <jondy.zhao@gmail.com> writes:
> > 
> > > For example, I develop a game by python. What I want to do is that the
> > > player or the agent could not simply copy the game to others. For the
> > > player or the agent, they needn't research the game.
> > 
> > Deciding for the customer what they may not do, on their own computer,
> > is quite hostile. Please don't enable such restrictions.
> > 
> 
> This is only one possible way to distribute encrypted scripts. As I thought the user of Pyarmor would be the producer of commercial software, so they could bind their license file to netcard, harddisk, cpu, etc.
> 
> > -- 
> >  \       "We must find our way to a time when faith, without evidence, |
> >   `\    disgraces anyone who would claim it." --Sam Harris, _The End of |
> > _o__)                                                     Faith_, 2004 |
> > Ben Finney

DRM does not prevent piracy.

End of story.

The only thing DRM does is piss off your legitimate users by forcing them to jump through hoops if they happen to upgrade or replace their computer.

[toc] | [prev] | [next] | [standalone]

#96625

On Tue, Sep 15, 2015 at 7:21 PM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
> Pyarmor is dedicated to users who create their applications, components, scripts or any file with the help of the Python programming language. You may use this application to encrypt the files, in order to protect their content and your intellectual property, by encoding the scripts.
>
>
> The program allows you to encrypt files, but to also open and run them as if no protection was applied.

If they can be run as if no protection had been applied, that
presumably means the loader is capable of decrypting them, right? So
what's to stop anyone from reading the loader, using it to decrypt the
actual code, and running it?

ChrisA

[toc] | [prev] | [next] | [standalone]

#96632

On 2015-09-15, Chris Angelico <rosuav@gmail.com> wrote:
> On Tue, Sep 15, 2015 at 7:21 PM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
>> Pyarmor is dedicated to users who create their applications, components, scripts or any file with the help of the Python programming language. You may use this application to encrypt the files, in order to protect their content and your intellectual property, by encoding the scripts.
>>
>> The program allows you to encrypt files, but to also open and run
>> them as if no protection was applied.
>
> If they can be run as if no protection had been applied, that
> presumably means the loader is capable of decrypting them, right? So
> what's to stop anyone from reading the loader, using it to decrypt
> the actual code, and running it?

I rather expect the answer to that questions is "laziness".

It's like the lock on my front door.  It's not going to stop anybody
who really wants to get in, but it will prevent the idle curious from
wandering in and messing about with my stuff.

-- 
Grant Edwards               grant.b.edwards        Yow! Are we on STRIKE yet?
                                  at               
                              gmail.com            

[toc] | [prev] | [next] | [standalone]

#96633

On Tue, Sep 15, 2015 at 11:16 PM, Grant Edwards <invalid@invalid.invalid> wrote:
> On 2015-09-15, Chris Angelico <rosuav@gmail.com> wrote:
>> On Tue, Sep 15, 2015 at 7:21 PM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
>>> Pyarmor is dedicated to users who create their applications, components, scripts or any file with the help of the Python programming language. You may use this application to encrypt the files, in order to protect their content and your intellectual property, by encoding the scripts.
>>>
>>> The program allows you to encrypt files, but to also open and run
>>> them as if no protection was applied.
>>
>> If they can be run as if no protection had been applied, that
>> presumably means the loader is capable of decrypting them, right? So
>> what's to stop anyone from reading the loader, using it to decrypt
>> the actual code, and running it?
>
> I rather expect the answer to that questions is "laziness".
>
> It's like the lock on my front door.  It's not going to stop anybody
> who really wants to get in, but it will prevent the idle curious from
> wandering in and messing about with my stuff.

Maybe. It seems more like having a lock on your front door, with the
key permanently inside it. But maybe that's just me.

In any case, this needs to be clear about how much security it's
actually offering.

ChrisA

[toc] | [prev] | [next] | [standalone]

#96641

On 2015-09-15, Chris Angelico <rosuav@gmail.com> wrote:
> On Tue, Sep 15, 2015 at 11:16 PM, Grant Edwards <invalid@invalid.invalid> wrote:
>> On 2015-09-15, Chris Angelico <rosuav@gmail.com> wrote:
>>> On Tue, Sep 15, 2015 at 7:21 PM, Jondy Zhao <jondy.zhao@gmail.com> wrote:
>>>> Pyarmor is dedicated to users who create their applications, components, scripts or any file with the help of the Python programming language. You may use this application to encrypt the files, in order to protect their content and your intellectual property, by encoding the scripts.
>>>>
>>>> The program allows you to encrypt files, but to also open and run
>>>> them as if no protection was applied.
>>>
>>> If they can be run as if no protection had been applied, that
>>> presumably means the loader is capable of decrypting them, right? So
>>> what's to stop anyone from reading the loader, using it to decrypt
>>> the actual code, and running it?
>>
>> I rather expect the answer to that questions is "laziness".
>>
>> It's like the lock on my front door.  It's not going to stop anybody
>> who really wants to get in, but it will prevent the idle curious from
>> wandering in and messing about with my stuff.
>
> Maybe. It seems more like having a lock on your front door, with the
> key permanently inside it. But maybe that's just me.

I you may be underestimating the laziness and overestimating the
cleverness of most people. ;)

-- 
Grant Edwards               grant.b.edwards        Yow! Is this sexual
                                  at               intercourse yet??  Is it,
                              gmail.com            huh, is it??

[toc] | [prev] | [next] | [standalone]

#96643

On Wed, Sep 16, 2015 at 2:20 AM, Grant Edwards <invalid@invalid.invalid> wrote:
> On 2015-09-15, Chris Angelico <rosuav@gmail.com> wrote:
>> On Tue, Sep 15, 2015 at 11:16 PM, Grant Edwards <invalid@invalid.invalid> wrote:
>>> On 2015-09-15, Chris Angelico <rosuav@gmail.com> wrote:
>>>> If they can be run as if no protection had been applied, that
>>>> presumably means the loader is capable of decrypting them, right? So
>>>> what's to stop anyone from reading the loader, using it to decrypt
>>>> the actual code, and running it?
>>>
>>> I rather expect the answer to that questions is "laziness".
>>>
>>> It's like the lock on my front door.  It's not going to stop anybody
>>> who really wants to get in, but it will prevent the idle curious from
>>> wandering in and messing about with my stuff.
>>
>> Maybe. It seems more like having a lock on your front door, with the
>> key permanently inside it. But maybe that's just me.
>
> I you may be underestimating the laziness and overestimating the
> cleverness of most people. ;)

Heh :) But in that case, you can probably get away with just
zipimport. Deflation sure isn't encryption, but the code is pretty
thoroughly concealed anyway.

ChrisA

[toc] | [prev] | [next] | [standalone]

#96644

On 2015-09-15, Chris Angelico <rosuav@gmail.com> wrote:
>
>> I you may be underestimating the laziness and overestimating the
>> cleverness of most people. ;)
>
> Heh :) But in that case, you can probably get away with just
> zipimport. Deflation sure isn't encryption, but the code is pretty
> thoroughly concealed anyway.

I agree completely.  There are three categories of protection:

  1) The program never leaves your computer.

  2) Obfuscation to deter the idle curious from mucking about.

  3) Put the source code on the interwebs.

In category 2 you find the single-file/directory-app bundlers[1]
(which IIRC mostly use something like zipimport) and various other
"encryption" wrappers.  They all provide pretty much the same minimal
"protection".

[1] Most of which are intended to provide ease of distribution and
    installation -- the obfuscation is mostly a side-effect.

-- 
Grant Edwards               grant.b.edwards        Yow! I love ROCK 'N ROLL!
                                  at               I memorized the all WORDS
                              gmail.com            to "WIPE-OUT" in 1965!!

[toc] | [prev] | [next] | [standalone]

#96645

On Wed, Sep 16, 2015 at 2:40 AM, Grant Edwards <invalid@invalid.invalid> wrote:
> On 2015-09-15, Chris Angelico <rosuav@gmail.com> wrote:
>>
>>> I you may be underestimating the laziness and overestimating the
>>> cleverness of most people. ;)
>>
>> Heh :) But in that case, you can probably get away with just
>> zipimport. Deflation sure isn't encryption, but the code is pretty
>> thoroughly concealed anyway.
>
> I agree completely.  There are three categories of protection:
>
>   1) The program never leaves your computer.
>
>   2) Obfuscation to deter the idle curious from mucking about.
>
>   3) Put the source code on the interwebs.

Agreed. #3 is the protection that I use for most of my code, and it's
protected me several times from a threat that's far more serious (in
my mind) than someone ripping off my code: it's kept my code safe from
hard drive failures. Yeah, nothing like seeing errors spewing off a
drive that's suddenly died to make you appreciate distributed source
control! (Oh look, my private key is no longer accessible. How
terrible... I have to go to GitHub and register a new public key
before I can continue development. That's gonna set me back... five
whole minutes!)

#1 wasn't really viable until the always-on internet connection became
a normal thing, but today, it's actually pretty easy. Shove your
application up onto cheap hosting somewhere, and make it accessible
via the web... anyone can do it, and your code needs no obfuscation to
be truly secure.

> In category 2 you find the single-file/directory-app bundlers[1]
> (which IIRC mostly use something like zipimport) and various other
> "encryption" wrappers.  They all provide pretty much the same minimal
> "protection".
>
> [1] Most of which are intended to provide ease of distribution and
>     installation -- the obfuscation is mostly a side-effect.

Right. Anyone who thinks zipapp is good for security is wrong, but it
sure can be handy for packaging up a one-click "here, download and run
this" Windows .exe file. Any obfuscation should be seen as a freebie,
on par with the toy you get in a fast-food meal.

ChrisA

[toc] | [prev] | [next] | [standalone]

Page 1 of 2  [1] 2  Next page →

Back to top | Article view | comp.lang.python

csiph-web