Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Python source code easy to hack?
95 views
Skip to first unread message
Jayden
Sep 28, 2012, 7:57:13 AM9/28/12
to
Dear All,
I have a concern in developing commercial code with Python. Someone told me that its program can be easily hacked to get its source code. Is it really the case? Any way to protect your source code?
Thanks a lot!
Jayden
I have a concern in developing commercial code with Python. Someone told me that its program can be easily hacked to get its source code. Is it really the case? Any way to protect your source code?
Thanks a lot!
Jayden
Mark Lawrence
Sep 28, 2012, 8:17:26 AM9/28/12
to pytho...@python.org
archives you're sure to get loads of answers.
--
Cheers.
Mark Lawrence.
zig-zag
Sep 28, 2012, 8:30:32 AM9/28/12
to
stu...@molden.no
Sep 28, 2012, 10:18:36 AM9/28/12
to
kl. 13:57:14 UTC+2 fredag 28. september 2012 skrev Jayden følgende:
> Dear All, I have a concern in developing commercial code with Python. Someone told me that its program can be easily hacked to get its source code. Is it really the case? Any way to protect your source code? Thanks a lot! Jayden
Python bytecode is not easier to hack than Java or .NET bytecodes. You don't have to distribute your source code. Dropbox and BitTorrent are written in Python. I don't think "hacking the source" is a major problem. You also have the option of compiling parts of the source code to native C DLLs using Cython. If you are very paranoid about protecting your sources, perhaps you shouldn't distribute it at all, but provide a web application?
> Dear All, I have a concern in developing commercial code with Python. Someone told me that its program can be easily hacked to get its source code. Is it really the case? Any way to protect your source code? Thanks a lot! Jayden
Sturla
Jerry Hill
Sep 28, 2012, 10:38:00 AM9/28/12
to pytho...@python.org
On Fri, Sep 28, 2012 at 10:18 AM, <stu...@molden.no> wrote:
> Python bytecode is not easier to hack than Java or .NET bytecodes.
This is true, but both java and .net are also relatively easy to decompile.
> Python bytecode is not easier to hack than Java or .NET bytecodes.
In general though, why does it matter? What are you trying to protect
yourself against? If you're including secrets in your code like
encryption keys or bank account numbers, there's no way to keep them
out of the hands of a determined attacker that has access to your
file, no matter what language it may be written in.
If you must keep anyone from ever seeing how your code works, the only
way to do that is to keep all the sensitive bits running on a machine
that you control. Typically, you would do that by distributing a
client portion of your application, and also running a web service.
Then you can have your client connect to the web service, request that
the sensitive calculations, or money transfer, or whatever, be done on
the server, and just pass back the results.
--
Jerry
stu...@molden.no
Sep 28, 2012, 11:19:54 AM9/28/12
to pytho...@python.org
kl. 16:38:10 UTC+2 fredag 28. september 2012 skrev Jerry Hill følgende:
> This is true, but both java and .net are also relatively easy to decompile.
Neither of them are very "obfuscated".
> This is true, but both java and .net are also relatively easy to decompile.
> In general though, why does it matter?
> What are you trying to protect yourself against?
Patent trolls?
Unauthorized access to priviledged features?
Industrial espionage?
> If you must keep anyone from ever seeing how your code works, the only way to do that is to keep all the sensitive bits running on a machine that you control.
Sturla
stu...@molden.no
Sep 28, 2012, 11:19:54 AM9/28/12
to comp.lan...@googlegroups.com, pytho...@python.org
kl. 16:38:10 UTC+2 fredag 28. september 2012 skrev Jerry Hill følgende:
> This is true, but both java and .net are also relatively easy to decompile.
> This is true, but both java and .net are also relatively easy to decompile.
Neither of them are very "obfuscated".
> In general though, why does it matter?
Paranoia among managers?
> What are you trying to protect yourself against?
Embarassment?
Patent trolls?
Unauthorized access to priviledged features?
Industrial espionage?
Patent trolls?
Unauthorized access to priviledged features?
Industrial espionage?
> If you must keep anyone from ever seeing how your code works, the only way to do that is to keep all the sensitive bits running on a machine that you control.
Indeed :)
Sturla
Littlefield, Tyler
Sep 28, 2012, 11:56:30 AM9/28/12
to stu...@molden.no, pytho...@python.org
On 9/28/2012 9:19 AM, stu...@molden.no wrote:
> kl. 16:38:10 UTC+2 fredag 28. september 2012 skrev Jerry Hill følgende:
>
>> This is true, but both java and .net are also relatively easy to decompile.
> Neither of them are very "obfuscated".
>
>
>> In general though, why does it matter?
> Paranoia among managers?
>
>
>> What are you trying to protect yourself against?
Embarassment?
Patent trolls?
Unauthorized access to priviledged features?
Industrial espionage?
Sounds like a web solution is the best way. Use a thin client and run your NSA-level code on a server. It's worth pointing out though that even c/c++ isn't free. If someone wants to decompile or disassemble your code bad enough, it's going to happen.
> kl. 16:38:10 UTC+2 fredag 28. september 2012 skrev Jerry Hill følgende:
>
>> This is true, but both java and .net are also relatively easy to decompile.
> Neither of them are very "obfuscated".
>
>
>> In general though, why does it matter?
> Paranoia among managers?
>
>
>> What are you trying to protect yourself against?
Embarassment?
Patent trolls?
Unauthorized access to priviledged features?
Industrial espionage?
>> If you must keep anyone from ever seeing how your code works, the only way to do that is to keep all the sensitive bits running on a machine that you control.
> Indeed :)
>
>
>
> Sturla
Take care,
Ty
http://tds-solutions.net
The aspen project: a barebones light-weight mud engine:
http://code.google.com/p/aspenmud
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.
88888 Dihedral
Sep 28, 2012, 1:37:47 PM9/28/12
to
Jayden於 2012年9月28日星期五UTC+8下午7時57分14秒寫道:
Nowadays high priced commercial IDE software products shipped with a
built in interpreter with some GUI to let users customize their own
needs in designs. This also means examples in source codes to
be provided, too.
Anyway even compiled instructions can be iced and reverse engineered
for all the flows of the software.
built in interpreter with some GUI to let users customize their own
needs in designs. This also means examples in source codes to
be provided, too.
Anyway even compiled instructions can be iced and reverse engineered
for all the flows of the software.
0 new messages