By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,898 Members | 1,198 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,898 IT Pros & Developers. It's quick & easy.

program deployment

P: n/a
hi to all folks here,

i am learning Python, just finished a book and i am starting to write
programs.
I just want to ask, is the "correct" way to deploy my programs to other
computers, the .pyc files ??

I now that with the "-m compileall ." switch can compile a .py file
into bytecodes. So i suppose that if Python has to run a .pyc file, it
will load and execute it faster. And if i have some "sensitive" data in
my source, like passwords (and the source of cource!) they will be more
secure in a compiled file.

Is that correct ?

Thanks a lot for any help!

Jan 5 '07 #1
Share this Question
Share on Google+
19 Replies


P: n/a

king kikapu wrote:
hi to all folks here,

i am learning Python, just finished a book and i am starting to write
programs.
I just want to ask, is the "correct" way to deploy my programs to other
computers, the .pyc files ??

I now that with the "-m compileall ." switch can compile a .py file
into bytecodes. So i suppose that if Python has to run a .pyc file, it
will load and execute it faster. And if i have some "sensitive" data in
my source, like passwords (and the source of cource!) they will be more
secure in a compiled file.

Is that correct ?

Thanks a lot for any help!
Python code is normally deployed as straight source code. It gets
compiled automatically on its first run and will subsequently load
this quickly. Passwords do not belong in the source code and they are
not secure simply by distributing bytecode instead. This applies to any
language, native or byte code compiled. Distributing bytecode may deter
non-technical users but that's just about it.

Jan 5 '07 #2

P: n/a
Python code is normally deployed as straight source code.

But isn't this a problem of its own ?? I mean, many people do not feel
good if the know that their source code is lying around on other
machines...

Jan 5 '07 #3

P: n/a
king kikapu wrote:
>Python code is normally deployed as straight source code.

But isn't this a problem of its own ?? I mean, many people do not feel
good if the know that their source code is lying around on other
machines...
This has been discussed a bazillion times on this list - the summary is (at
least from my POV):

- it is possible to decompyle python pretty easy. So, spare yourself the
hassle just distributing only the pyc

- it is easy enough to hack even C-written apps, if anything is _worth_
being hacked, it will be hacked

- 99% of all code isn't worth being hacked or ripped. Really. Even though
the result of cobbling together lots of unimaginative code might be
impressive, there are only very few areas of coding (like e.g.
sophisticated compression algorithms and the like) that are worth ripping -
the rest is bound to be runnable in one app only anyway, as it is coupled
closely

- if you have something you really, really, really need to be as secure as
possible, go use a remote service - otherwise, it _will_ be compromised.
Diez
Jan 5 '07 #4

P: n/a
On 2007-01-05, king kikapu <ab********@panafonet.grwrote:
i am learning Python, just finished a book and i am starting
to write programs. I just want to ask, is the "correct" way to
deploy my programs to other computers, the .pyc files ??
That depends on the platform. Under Linux, one usually just
provides the source.

Under Windows, I ususally use py2exe+inno-setup.
I now that with the "-m compileall ." switch can compile a .py
file into bytecodes. So i suppose that if Python has to run a
.pyc file, it will load and execute it faster.
A little bit, yes.
And if i have some "sensitive" data in my source, like
passwords (and the source of cource!) they will be more secure
in a compiled file.
Not really.

--
Grant Edwards grante Yow! I represent a
at sardine!!
visi.com
Jan 5 '07 #5

P: n/a
On 2007-01-05, king kikapu <ab********@panafonet.grwrote:
>Python code is normally deployed as straight source code.

But isn't this a problem of its own? I mean, many people do not feel
good if the know that their source code is lying around on other
machines...
Are they embarassed by their code?

--
Grant Edwards grante Yow! Can I have an IMPULSE
at ITEM instead?
visi.com
Jan 5 '07 #6

P: n/a

Are they embarassed by their code?
hehehe...no, just worried about stealing their ideas...

Jan 5 '07 #7

P: n/a
Grant Edwards schrieb:
On 2007-01-05, king kikapu <ab********@panafonet.grwrote:
>>Python code is normally deployed as straight source code.
But isn't this a problem of its own? I mean, many people do not feel
good if the know that their source code is lying around on other
machines...

Are they embarassed by their code?
hehehe, but what I am thinking: Is it somehow possible to _really_ hide
the source from being viewed by other persons when using python? Not
that I want to do that ( I am an Open Source friend ), but that might
get others that rely on that (commercial) to use python for more
projects as it is done now.

Thomas
Jan 5 '07 #8

P: n/a
king kikapu wrote:
Are they embarassed by their code?

hehehe...no, just worried about stealing their ideas...
Ever heard of "Open Source" ? I do better by letting other people
steal my ideas (and stealing theirs too) than I'd ever do by keeping
things secret.

Jan 5 '07 #9

P: n/a
Under Windows, I ususally use py2exe+inno-setup.

Xmmm...i have downloaded this and try a (very) simple project and it is
working great.
Of your experience, does it also working great when you have more
complex solutions,
e.x. many 3rd party modules like wxWidgets and so ??

Jan 5 '07 #10

P: n/a
On 2007-01-05, king kikapu <ab********@panafonet.grwrote:
Are they embarassed by their code?

hehehe...no, just worried about stealing their ideas...
They're deluding themselves.

The vast majority of ideas aren't worth stealing.

If they are worth stealing, you don't need the source code to
do it.

You can figure out the ideas behind almost all software by
running the program for 30 seconds (or just by reading a
description of what it's supposed to do).

Even sophisticated and intricate algorithms and protocols can be
reverse-engineered with or without the source code. Having the
source code often doesn't even help very much.

--
Grant Edwards grante Yow! Join the PLUMBER'S
at UNION!!
visi.com
Jan 5 '07 #11

P: n/a
On 2007-01-05, king kikapu <ab********@panafonet.grwrote:
>Under Windows, I ususally use py2exe+inno-setup.

Xmmm...i have downloaded this and try a (very) simple project
and it is working great. Of your experience, does it also
working great when you have more complex solutions,
e.x. many 3rd party modules like wxWidgets and so ??
Yes. I use it to deply wxPython apps that use a lot of third
party packages like pyserial, numpy, scipy, scientific python,
pygnuplot, plotlib.

The resulting setup.exe files seem awfully large to somebody
who cut his teeth on Unix Version 7 on a PDP-11 with 256KB of
RAM and a 20MB hard drive (and who still writes programs for
platforms with 256 bytes of RAM).

But, by windows standards they're not all that large. Nobody
cares anymore that a program won't fit on a floppy disk...

--
Grant Edwards grante Yow! I think my CAREER
at is RUINED!!
visi.com
Jan 5 '07 #12

P: n/a
king kikapu wrote:
Are they embarassed by their code?

hehehe...no, just worried about stealing their ideas...
I believe that shipping just the bytecode is a pretty effective way to
stop 99% of programmers from
reading your code. Yes, in theory they could decompile it, but in
practice, programmers are lazy.
Look, I am so lazy that usually I don't read the source code, even if
it is there in plain!

Of course, if you only ship the bytecode and your code has bugs, the
tracebacks will be
less explicit and it will be more difficult for you to support your
users. Also, you will stop
the users that could fix the bug for you from doing so and you will
rule out the possibility
of getting help for free. Think about that.

If it was that easy to steal non-trivial ideas from the source code, we
will not complain all
the time about about how difficult is to understand the code written by
others.

Michele Simionato

Jan 5 '07 #13

P: n/a
Ok, i got the point...Things are a little bit different on the other
way of the fence (Microsoft way...) and so many of Python's elements
are a little (at least) strange at first...

But hey, thank you all!

Jan 5 '07 #14

P: n/a
hehehe, but what I am thinking: Is it somehow possible to _really_ hide
the source from being viewed by other persons when using python? Not
that I want to do that ( I am an Open Source friend ), but that might
get others that rely on that (commercial) to use python for more
projects as it is done now.
Yes. I use Python for running background tasks. I wrote many servers in
Python and also websites. Users are using it, but they do not have
access to the .py files. This is one possible way to do it. E.g. hide
the whole computer system from the end users, and allow them to access
some restricted interfaces only.

Of course, you cannot distribute or sell these programs without showing
the source code. You can sell them as a service; that is accessible
remotely. Or you can sell them together with the machine, cased and
stamped. :-)

Laszlo

Jan 5 '07 #15

P: n/a

king kikapu wrote:
Ok, i got the point...Things are a little bit different on the other
way of the fence (Microsoft way...) and so many of Python's elements
are a little (at least) strange at first...

But hey, thank you all!
Not really!

Of course you do not distribute .cs (or .vb) files when deploying your
application, but decompilers for .NET are plenty. Same for Java.

For C and the like, it is a little trickier, but the "decompiler" can
and will produce equivalent code. Better yet, just disassemble it.

What is done nowadays to make people's life harder (as in, they cannot
just copy and paste code) is to use an obfuscator. Are there any for
Python?

This is completely and utterly useless for passwords, though. If you
need to protect something, encrypt it. If it is on a server, you can
control access to the file via filesystem permissions.

Do not expect to keep the password secret if you are distributing it,
though :) I've cracked C programs, Clipper and Java almost
effortlessly. They were all custom programs where the sole developer
would put a password for administrative functions, just to be able to
charge money long after it was deployed.
Stephen

Jan 5 '07 #16

P: n/a

Of course you do not distribute .cs (or .vb) files when deploying your
application, but decompilers for .NET are plenty. Same for Java.
Yes, but in .Net we have some strong dotfuscators that makes reverse
engineer really difficult.
In any way, it is not so easy to get to the source as .py files is.

Jan 5 '07 #17

P: n/a
On Fri, 05 Jan 2007 08:01:17 -0800, Michele Simionato wrote:
king kikapu wrote:
Are they embarassed by their code?

hehehe...no, just worried about stealing their ideas...

I believe that shipping just the bytecode is a pretty effective way to
stop 99% of programmers from
reading your code. Yes, in theory they could decompile it, but in
practice, programmers are lazy.
99% of programmers won't read the code if you ship the source.
Look, I am so lazy that usually I don't read the source code, even if
it is there in plain!
Exactly.

--
Steven.

Jan 6 '07 #18

P: n/a
On Fri, 05 Jan 2007 07:19:37 -0800, king kikapu wrote:
>
Are they embarassed by their code?

hehehe...no, just worried about stealing their ideas...
I don't understand... how can they steal an idea? If somebody copies your
idea, you've still got it, it's not gone.

--
Steven.

Jan 6 '07 #19

P: n/a
On Fri, 05 Jan 2007 15:16:09 -0000, Grant Edwards <gr****@visi.comwrote:
On 2007-01-05, king kikapu <ab********@panafonet.grwrote:
>>Python code is normally deployed as straight source code.

But isn't this a problem of its own? I mean, many people do not feel
good if the know that their source code is lying around on other
machines...

Are they embarassed by their code?
For companies, that may be one reason. For many companies, rightly so ...

/Jorgen

--
// Jorgen Grahn <grahn@ Ph'nglui mglw'nafh Cthulhu
\X/ snipabacken.dyndns.org R'lyeh wgah'nagl fhtagn!
Jan 7 '07 #20

This discussion thread is closed

Replies have been disabled for this discussion.