By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,712 Members | 1,231 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,712 IT Pros & Developers. It's quick & easy.

Best way to protect my new commercial software.

P: n/a
I wrote a software and I want to protect it so can not be cracked
easily. I wrote it in python and compile it using py2exe. what is the
best way in your opinion?
Dec 10 '07 #1
Share this Question
Share on Google+
38 Replies


P: n/a
Thanks. But I ask this question technically, I mean I know nothing is
uncrackable and popular softwares are not well protected. But my
software is not that type and I don't want this specific software
popular.
It is some kind of in house tool and I want to copy protect it. this
is very complicated tool and not useful for
many people. indeed this is an animation manging tool I wrote for my
company. So if you have any idea that what is the best way to do it,
I'll appreciate that.
Dec 10 '07 #2

P: n/a
On Dec 10, 9:55 am, farsheed <rodmena....@gmail.comwrote:
Thanks. But I ask this question technically, I mean I know nothing is
uncrackable and popular softwares are not well protected. But my
software is not that type and I don't want this specific software
popular.
It is some kind of in house tool and I want to copy protect it. this
is very complicated tool and not useful for
many people. indeed this is an animation manging tool I wrote for my
company. So if you have any idea that what is the best way to do it,
I'll appreciate that.
Oh, then sorry, I never gave much thought to it. If you're not afraid
of legal troubles, you could have it silently phone home so you can
know how many apps are in use at any moment. Given the scale of your
app, it should be feasible for you to simply contact users who didn't
pay and kindly ask them to pay.

The fact that pyc files are so easily de-compiled makes app protection
pretty hard...
Dec 10 '07 #3

P: n/a
So you say there is not any trusted way?
Dec 10 '07 #4

P: n/a
On Dec 10, 9:55 am, farsheed <rodmena....@gmail.comwrote:
Thanks. But I ask this question technically, I mean I know nothing is
uncrackable and popular softwares are not well protected. But my
software is not that type and I don't want this specific software
popular.
Understood.
It is some kind of in house tool and I want to copy protect it. this
is very complicated tool and not useful for
many people. indeed this is an animation manging tool I wrote for my
company. So if you have any idea that what is the best way to do it,
I'll appreciate that.
I'll state my agreement with the opinion usually given when these
kinds of questions are asked: that determined people will find a way
to run software if that software is distributed, and running software
as a service is probably the only reliable way of concealing your
code. If your code is in-house, there might be numerous dependencies
on in-house services that would make the code useless to an outsider,
and you could consider exploiting this aspect of your software.

See this recent thread on this subject:

http://groups.google.com/group/comp....0c8926c0da7df0

This is very much a frequently asked question (the last thread
appeared about three days ago), so I've tidied up a Python Wiki page
dealing with this topic:

http://wiki.python.org/moin/HowDoYouProtectSource

I trust this provides some answers.

Paul
Dec 10 '07 #5

P: n/a
So you say there is not any trusted way?

You cannot distribute any program with the expectation that it
cannot be reverse engineered. Despite what various protection
companies would have folks believe. At some point, the user's
CPU has to execute the code, and at that point, it can be
intercepted, unwound, and intercepted.

The *only* way to prevent people from reverse engineering your
code (until quantum computing becomes a household standard) is to
never give your code to them. Keep it on your servers and only
allow users to access your service, not your code.

Or, you could just trust your customers to adhere to your
licensing terms (with this little thing called "the law" to back
you up, as long as your licensing terms are legal). Then just
distribute your software and spend your energies making a better
product rather than chasing a quixotic dream of protection.

Customers prefer not to be treated as criminals.

-tkc

Dec 10 '07 #6

P: n/a
On Dec 10, 6:26 am, Tim Chase <python.l...@tim.thechases.comwrote:
So you say there is not any trusted way?

You cannot distribute any program with the expectation that it
cannot be reverse engineered.
[snip]
From the OP's post, it seemed likely to me that the OP was asked by a
misguided management to make sure it was "reverse-engineer-proof". So
any attempt to convince the OP may be aimed at the wrong person.

Misguided as they are, sometimes you have to placate these people.
So, are there any ways to make it "harder" to reverse engineer a
program?
Carl Banks
Dec 10 '07 #7

P: n/a
On Dec 10, 8:15 am, farsheed <rodmena....@gmail.comwrote:
I wrote a software and I want to protect it so can not be cracked
easily. I wrote it in python and compile it using py2exe. what is the
best way in your opinion?
I used SoftwarePassport ( http://www.siliconrealms.com/ ) for exactly
this.

I have found it to be very complete, with many possible scheme: trial
period, multiple licence schemes, lock on hardware, moveable
installation, ...

Although it will not stop a highly dedicated hacker, it will raise the
barrier very high for breaking the protected software. A few of the
memory protection were incompatible with py2exe, so you need to
carefully test your program. But for me, it was a breeze to setup and
use.

Dec 10 '07 #8

P: n/a
On Dec 10, 2007 5:56 AM, Carl Banks <pa************@gmail.comwrote:
On Dec 10, 6:26 am, Tim Chase <python.l...@tim.thechases.comwrote:
So you say there is not any trusted way?
You cannot distribute any program with the expectation that it
cannot be reverse engineered.
[snip]

From the OP's post, it seemed likely to me that the OP was asked by a
misguided management to make sure it was "reverse-engineer-proof". So
any attempt to convince the OP may be aimed at the wrong person.

Misguided as they are, sometimes you have to placate these people.
So, are there any ways to make it "harder" to reverse engineer a
program?

Just telling them you did is at least as effective as anything else.
Anyone who knows enough to know that you're lying knows why it's
impossible.
Dec 10 '07 #9

P: n/a
On 2007-12-10, Chris Mellon <ar*****@gmail.comwrote:
On Dec 10, 2007 5:56 AM, Carl Banks <pa************@gmail.comwrote:
>On Dec 10, 6:26 am, Tim Chase <python.l...@tim.thechases.comwrote:
So you say there is not any trusted way?

You cannot distribute any program with the expectation that it
cannot be reverse engineered.
[snip]

>From the OP's post, it seemed likely to me that the OP was asked by a
misguided management to make sure it was "reverse-engineer-proof". So
any attempt to convince the OP may be aimed at the wrong person.

Misguided as they are, sometimes you have to placate these people.
So, are there any ways to make it "harder" to reverse engineer a
program?

Just telling them you did is at least as effective as anything else.
Anyone who knows enough to know that you're lying knows why it's
impossible.
If you're distributing source code, run it through pyobfuscate
and call it done. Otherwise, just use py2exe or something
similar to bundle it up. Both are pretty ineffective at
preventing reverse engineering. But so's everything else. If
none of the options really work, then you might as well pick an
ineffective one that's cheap and easy.

--
Grant Edwards grante Yow! Am I having fun yet?
at
visi.com
Dec 10 '07 #10

P: n/a
farsheed wrote:
It is some kind of in house tool and I want to copy protect it. this
is very complicated tool and not useful for
many people.
So there will be very few people with any incentive to
steal it, and even less if it's not distributed to the
public.

--
Greg
Dec 11 '07 #11

P: n/a
Carl Banks wrote:
From the OP's post, it seemed likely to me that the OP was asked by a
misguided management to make sure it was "reverse-engineer-proof".
In that case, just package it with py2exe and tell him
it's done. The misguided management won't know any better.

--
Greg
Dec 11 '07 #12

P: n/a
Tim Chase wrote:
-Write Lovecraftian code ("import goto" comes to mind) designed
to make reverse-engineers go insane trying to figure out what you
were thinking
The problem with that is it makes it hard for *you* to
figure out what you were thinking...

--
Greg

Dec 11 '07 #13

P: n/a
On 10 Des, 08:15, farsheed <rodmena....@gmail.comwrote:
I wrote a software and I want to protect it so can not be cracked
easily. I wrote it in python and compile it using py2exe. what is the
best way in your opinion?
I wrote this in another thread,

1. Put all the compiled Python bytecode in a heavily encrypted binary
file. Consider using a hardware hash in the key.

2. Program a small binary executable (.exe file) in C or C++ that:

2a. Reads the binary file.

2b. Decrypts it to conventional Python byte code.

2c. Embeds a Python interpreter.

2d. Executes the bytecode with the embedded Python interpreter.

3. Protect the executable with a licence manager such as Flexlm or
SoftwarePassport.

I will not make reverse engineering impossible, but it will be
extremely difficult.

As noted, the only completely safe solution is to provide a web
application instead of distributing your program.

Dec 11 '07 #14

P: n/a
greg wrote:
Tim Chase wrote:
>-Write Lovecraftian code ("import goto" comes to mind) designed
to make reverse-engineers go insane trying to figure out what you
were thinking

The problem with that is it makes it hard for *you* to
figure out what you were thinking...
Psst...other than the Saas answer, they were *all* really bad
ideas :) Sorry if my jesting came across as actually serious.

-tkc

Dec 11 '07 #15

P: n/a
On Tue, 11 Dec 2007 13:07:02 +1300, greg wrote:
Tim Chase wrote:
>-Write Lovecraftian code ("import goto" comes to mind) designed to make
reverse-engineers go insane trying to figure out what you were thinking

The problem with that is it makes it hard for *you* to figure out what
you were thinking...
Why is this a problem? The more time the Original Poster spends
struggling to maintain his copy-protected in-house software that nobody
else wants, the less time he will have to go out and cause mischief by
writing something useful and copy-protecting it.
--
Steven
Dec 11 '07 #16

P: n/a
Steven D'Aprano <st***@REMOVE-THIS-cybersource.com.auwrites:
Why is this a problem? The more time the Original Poster spends
struggling to maintain his copy-protected in-house software that
nobody else wants, the less time he will have to go out and cause
mischief by writing something useful and copy-protecting it.
s/copy-protect/copy-restrict/g

--
\ "Two rules to success in life: 1. Don't tell people everything |
`\ you know." -- Sassan Tat |
_o__) |
Ben Finney
Dec 11 '07 #17

P: n/a
farsheed <ro*********@gmail.comwrote:
Thanks. But I ask this question technically, I mean I know nothing is
uncrackable and popular softwares are not well protected. But my
software is not that type and I don't want this specific software
popular.
It is some kind of in house tool and I want to copy protect it.
Insert some code that tests for something that's special in your
company's environment.

In a networked environment create a simple license server, e.g. one that
uses asymmetric encryption to encrypt incoming data and sends it back to
the client. Your program then send some random data to the server and
decrypts the answer using the server's public key.
Of course that just protects against someone just taking away a copy but
not against reverse engineering.

Florian
--
<http://www.florian-diesch.de/>
-----------------------------------------------------------------------
** Hi! I'm a signature virus! Copy me into your signature, please! **
-----------------------------------------------------------------------
Dec 13 '07 #18

P: n/a
Thank you all. I explain what I did to do it. Very simple but what I
want:

I find the host id of system (using ipconfig) and create a hash code
based on it.(some math, md5 and functions).
the code for licensing is about 15 lines and is very fast. I needed 20
licenses and I wrote a keygen for myself.

Thank you all.
Dec 13 '07 #19

P: n/a
farsheed <ro*********@gmail.comwrites:
the code for licensing is about 15 lines and is very fast. I needed
20 licenses and I wrote a keygen for myself.
Given that you still haven't explained what threat in particular
you're securing against, I wonder whether "very fast" is the only
criterion. In which case, 0 lines of code would probably be even
faster.

--
\ "Any intelligent fool can make things bigger and more |
`\ complex... It takes a touch of genius – and a lot of courage |
_o__) – to move in the opposite direction." —Albert Einstein |
Ben Finney
Dec 13 '07 #20

P: n/a
Let me be clear for you: there are someone in my company who love to
use my software in other companies that she works there also. and
because it is an inhouse tool, my CEO wanted me to protect it from
stealing.
and really we havn't time to copyright it. so I want to secure my
software from some people who love to steal and use it. I am an
animator and 3d programmer, what I wrote is some fast technology for
calculating sub surface lightning (SSS) using mental ray and
renderman. indded this tool works with maya and 3delight and mental
ray standalone. very complicated process and took me tree months to
wrote it. I am not a python pro, I know C++, maya Api, mel,... but I
use python because it is really faster than all of them. hope you
understand why I want to protect it, even if it will slower.
Dec 14 '07 #21

P: n/a
sturlamolden wrote:
I wrote this in another thread,
And here the HOWTO for the crack:
1. Put all the compiled Python bytecode in a heavily encrypted
binary file. Consider using a hardware hash in the key.
Find the part in the binary where the encrypted bytecode is read,
start the binary in a VM to which a debugger is attached (can't
be detected, as it's in a VM) and put a watchpoint for any
access on the encrypted binary.
2. Program a small binary executable (.exe file) in C or C++
that:

2a. Reads the binary file.
Debugger intercepts it.
2b. Decrypts it to conventional Python byte code.
Record where the decoder puts the decrypted bytecode in memory.
2c. Embeds a Python interpreter.
Replace the call of the Python interpreter with a small shellcode
that writes the decrypted code to a file.
2d. Executes the bytecode with the embedded Python
interpreter.
Execute that file with the standalone interpreter.
I will not make reverse engineering impossible, but it will be
extremely difficult.
No. It's just a matter of reading the decrypted bytecode from
memory. Since Python bytecode is independent from any containing
file, it's very hard to test if a certain bytecode runs from a
valid or cracked container.

Any sort of bytecode will sooner or later run through some
interpreter, where it can be ultimately tapped. And unlike some
CPU binary a bytecode also delivers all information to
deobfuscate it. So even self modifying code doesn't help here.

Wolfgang Draxinger
--
E-Mail address works, Jabber: he******@jabber.org, ICQ: 134682867

Dec 14 '07 #22

P: n/a
On Dec 14, 9:08 am, farsheed <rodmena....@gmail.comwrote:
Let me be clear for you: there are someone in my company who love to
use my software in other companies that she works there also. and
because it is an inhouse tool, my CEO wanted me to protect it from
stealing. and really we havn't time to copyright it.
I don't think it's particularly productive to continue this
discussion, given that you're obviously in a situation where you don't
have a great deal of flexibility, but I think you and/or your CEO
might benefit from listening to the PyCon 2007 talk "The Absolute
Minimum an Open Source Developer Must Know About Intellectual
Property" [1]. The speaker misrepresents the FSF somewhat in stating
that they don't believe in property (or some similar phrasing - I
don't recall the exact choice of words), but aside from this the talk
is rather well delivered, with the basic definitions of the different
legal instruments described in an approachable fashion.
so I want to secure my software from some people who love to steal and use it.
It sounds like your CEO has issues with the people he/she employs,
first and foremost.

Paul

[1] Slides available here:
http://us.pycon.org/zope/talks/2007/...3/talkDetails2
Audio available from here:
http://pycon.blogspot.com/2007/11/py...7-podcast.html
Dec 14 '07 #23

P: n/a
On 2007-12-14, farsheed <ro*********@gmail.comwrote:
Let me be clear for you: there are someone in my company who
love to use my software in other companies that she works
there also. and because it is an inhouse tool, my CEO wanted
me to protect it from stealing. and really we havn't time to
copyright it.
Uh what? I don't know what country you're in, but in the US,
it doesn't take any time at all to copyright something. The
mere act of writing something copyrights it. I thought it was
the same in Europe as well.

--
Grant Edwards grante Yow! Oh, I get it!!
at "The BEACH goes on", huh,
visi.com SONNY??
Dec 14 '07 #24

P: n/a
Grant Edwards <gr****@visi.comwrote:
On 2007-12-14, farsheed <ro*********@gmail.comwrote:
Let me be clear for you: there are someone in my company who
love to use my software in other companies that she works
there also. and because it is an inhouse tool, my CEO wanted
me to protect it from stealing. and really we havn't time to
copyright it.

Uh what? I don't know what country you're in, but in the US,
it doesn't take any time at all to copyright something. The
mere act of writing something copyrights it. I thought it was
the same in Europe as well.
It is, you don't have to do anything to copyright something apart from
creating it to start with.

--
Chris Green
Dec 14 '07 #25

P: n/a
farsheed <ro*********@gmail.comwrites:
Let me be clear for you: there are someone in my company who love to
use my software in other companies that she works there also. and
because it is an inhouse tool, my CEO wanted me to protect it from
stealing.
If the person is that untrustworthy, yet already has access *inside*
the company, then any technical solution will be ineffective until the
social issues are dealt with.

--
\ "I got an answering machine for my phone. Now when someone |
`\ calls me up and I'm not home, they get a recording of a busy |
_o__) signal." -- Steven Wright |
Ben Finney
Dec 15 '07 #26

P: n/a
On 14 Des, 11:42, Wolfgang Draxinger <wdraxin...@darkstargames.de>
wrote:
I will not make reverse engineering impossible, but it will be
extremely difficult.

No. It's just a matter of reading the decrypted bytecode from
memory.
Ok, let med rephrase that: It may not be difficult to you. But the
average user will be incapable of doing it. I don't think it will be
possible to copy-protect any program against someone with your level
of competence. Neither computer programming nor this kind of reverse
engineering are common skills. But most users of computers are capable
of copying a program to a USB-stick and use the program somewhere
else.


Dec 15 '07 #27

P: n/a
Op Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:
Uh what? I don't know what country you're in, but in the US, it doesn't
take any time at all to copyright something. The mere act of writing
something copyrights it. I thought it was the same in Europe as well.
No, it's only copyrighted when you _publish_ it.
--
JanC
Dec 18 '07 #28

P: n/a
>>>>Jan Claeys <us****@janc.be(JC) wrote:
>JCOp Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:
>>Uh what? I don't know what country you're in, but in the US, it doesn't
take any time at all to copyright something. The mere act of writing
something copyrights it. I thought it was the same in Europe as well.
>JCNo, it's only copyrighted when you _publish_ it.
Not here in the Netherlands. It is `the exclusive right of the maker of a
work to publish or copy the work' (loose translation of the introduction of
the law). Otherwise someone else could publish it if he got hold of it in
some legitimate way.
--
Piet van Oostrum <pi**@cs.uu.nl>
URL: http://www.cs.uu.nl/~piet [PGP 8DAE142BE17999C4]
Private email: pi**@vanoostrum.org
Dec 18 '07 #29

P: n/a
Jan Claeys(us****@janc.be)@2007.12.18 12:06:08 +0000:
Op Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:
Uh what? I don't know what country you're in, but in the US, it doesn't
take any time at all to copyright something. The mere act of writing
something copyrights it. I thought it was the same in Europe as well.

No, it's only copyrighted when you _publish_ it.

If we're still talking about US law here you are incorrect.

http://www.copyright.gov/help/faq/fa...al.html#mywork

Quoting:

* When is my work protected?

Your work is under copyright protection the moment it is created and
fixed in a tangible form that it is perceptible either directly or
with the aid of a machine or device.

* Do I have to register with your office to be protected?

No. In general, registration is voluntary. Copyright exists from the
moment the work is created. You will have to register, however, if you
wish to bring a lawsuit for infringement of a U.S. work. See Circular
1, Copyright Basics, section 'Copyright Registration.'

Dec 18 '07 #30

P: n/a
On 2007-12-18, Jan Claeys <us****@janc.bewrote:
Op Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:
>Uh what? I don't know what country you're in, but in the US, it doesn't
take any time at all to copyright something. The mere act of writing
something copyrights it. I thought it was the same in Europe as well.

No, it's only copyrighted when you _publish_ it.
Interesting. So, in Europe, if somebody steals something you
wrote before you get it published, they're free to do with it
as they please?

I'm glad it doesn't work that way here in the US. Over here,
something is copyrighted as soon as it's written (actually I
think the phrase is "fixed in a medium" or something like
that).

--
Grant Edwards grante Yow! I have accepted
at Provolone into my life!
visi.com
Dec 18 '07 #31

P: n/a
On 2007-12-18, Grant Edwards <gr****@visi.comwrote:
On 2007-12-18, Jan Claeys <us****@janc.bewrote:
>No, it's only copyrighted when you _publish_ it.

Interesting. So, in Europe, if somebody steals something you
wrote before you get it published, they're free to do with it
as they please?
No, I believe the above comment is false. The Berne Convention of 1887
makes copyright automatic as soon as a work is written or recorded.
Thus, most of Europe has had automatic copyright for a very long time,
and all of it does now.
Dec 18 '07 #32

P: n/a
Jan Claeys <us****@janc.bewrote:
Op Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:
Uh what? I don't know what country you're in, but in the US, it doesn't
take any time at all to copyright something. The mere act of writing
something copyrights it. I thought it was the same in Europe as well.

No, it's only copyrighted when you _publish_ it.
Which basically means letting anyone else see it, i.e. sending as an
E-Mail, posting on Usenet, etc.
--
Chris Green
Dec 18 '07 #33

P: n/a
On 2007-12-18, Steven D'Aprano <st***@REMOVE-THIS-cybersource.com.auwrote:
On Tue, 18 Dec 2007 17:04:29 +0000, Grant Edwards wrote:
>On 2007-12-18, Jan Claeys <us****@janc.bewrote:
>>Op Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:

Uh what? I don't know what country you're in, but in the US, it
doesn't take any time at all to copyright something. The mere act of
writing something copyrights it. I thought it was the same in Europe
as well.

No, it's only copyrighted when you _publish_ it.

Interesting. So, in Europe, if somebody steals something you wrote
before you get it published, they're free to do with it as they please?

Please do not conflate theft and copyright infringement, or theft and
plagiarism.
I wasn't. If I write something down and somebody steals that
paper, that's theft.
They are very different concepts, and confusing them does not
help.
Sorry if I was unclear. The "stealing" was of the medium
containing the authored work.

--
Grant Edwards grante Yow! Used staples are good
at with SOY SAUCE!
visi.com
Dec 18 '07 #34

P: n/a
On Tue, 18 Dec 2007 21:54:26 +0000, Grant Edwards wrote:
On 2007-12-18, Steven D'Aprano <st***@REMOVE-THIS-cybersource.com.au>
wrote:
>On Tue, 18 Dec 2007 17:04:29 +0000, Grant Edwards wrote:
>>On 2007-12-18, Jan Claeys <us****@janc.bewrote:
Op Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:

Uh what? I don't know what country you're in, but in the US, it
doesn't take any time at all to copyright something. The mere act
of writing something copyrights it. I thought it was the same in
Europe as well.

No, it's only copyrighted when you _publish_ it.

Interesting. So, in Europe, if somebody steals something you wrote
before you get it published, they're free to do with it as they
please?

Please do not conflate theft and copyright infringement, or theft and
plagiarism.

I wasn't. If I write something down and somebody steals that paper,
that's theft.
In which case copyright isn't going to protect you -- especially if you
were relying on automatic copyright and haven't registered it.


--
Steven
Dec 19 '07 #35

P: n/a
>>>>Steven D'Aprano <st***@REMOVE-THIS-cybersource.com.au(SD) wrote:
>SDIt means that there is a serious problem of "orphan works", where rare
SDand valuable films from the 1920s and earlier are rapidly decaying
SDinto an unusable powder because nobody dares copy them lest the
SDunknown copyright owners descend like vultures and sue you for
SDcopyright infringement *after* you've done the hard work of restoring
SDour cultural heritage.
Our (Dutch) copyright law has a specific exemption for this particular
case for libraries, museums and archives.
--
Piet van Oostrum <pi**@cs.uu.nl>
URL: http://www.cs.uu.nl/~piet [PGP 8DAE142BE17999C4]
Private email: pi**@vanoostrum.org
Dec 19 '07 #36

P: n/a
Well, I think my question was a programming question not a copyright
question.
I expect a nice script in 15-35 lines that protects my software from
working on
another machine. I don't want best protection method available, like
flexlm or etc.
My software is some kind of business secret and working it in another
company means
that other companies can do what we can. Copyright means nothing here
(I live in Iran!). We produce tv animation
and commercials and if a company use it, we even can't aware of it.
Ireally hope for a real post.
but thank all of you for reply.
sorry for my bad english.
Dec 21 '07 #37

P: n/a
On Thu, 20 Dec 2007 21:23:05 -0800, Dennis Lee Bieber wrote:

>I expect a nice script in 15-35 lines that protects my software from
working on another machine.

Ah, but at that shortness, what will protect the protection script?
....
Proprietary information/trade-secret is only effective if it is
never allowed OUT of the company. If someone has access to the code,
there is nothing that can stop them reverse-engineering, copying, etc.
except honor... Don't allow memory cards, CD or DVD, floppies, and email
attachments to go out.
At 15-35 lines, it is short enough for people to copy it down on paper,
or even memorize it, then take it home and work on finding a
vulnerability in it.

--
Steven
Dec 21 '07 #38

P: n/a

"Dennis Lee Bieber" <...netcom.comwrote:
SD declaimed the following in
comp.lang.python:

At 15-35 lines, it is short enough for people to copy it down on paper,
or even memorize it, then take it home and work on finding a
vulnerability in it.

<hehI'd actually been thinking of the real product getting out,
not just the "protection"...
I wonder if the OP would not be better off splitting the app into two bits,
releasing the "client" side and keeping the "server" side secret, in a protected
directory.

That would add the complication of a protocol to make a hacker's life more
miserable, and if there is an "interesting bit" it can be hidden in the server
side.

It also has the advantage that you can log accesses to the server.

Its a lot of extra work, though, and if the stuff is computationally intensive,
it can be slow, because what could be done concurrently on several client
machines would be done serially on the single secret server.

Pyro could help here, as always.

- Hendrik
Dec 22 '07 #39

This discussion thread is closed

Replies have been disabled for this discussion.