Hi, Dear my friends,

I have a trick questions to ask you about python scripts for help.

How can I set up a complied python code with a password so that nobody can touch or modify it and even copy it from one PC to another PC? In other words,
is there any way to have the high security in either python script or the complied python scripts? Another question is that the complied python code can be decoded back the orignal script or not? It is all security related issues. If you have better suggestions, I will be happy to listen and many thanks in advance.


Best,

John

What you want isn't technically "security related issues" but "copy protection" issues. The link lists various copy restriction schemes.

You can always compile your python code to a native binary to make it less crackable.

Python is an interpreted language, which byte-compiles itself; both factors make it more crackable than non-interpreted languages like C, C++ and Pascal. So compiling to a native executable helps here a little. But not a whole lot. In general though, once compiled you have guarded your code against most people.

Passwords are used to prevent unauthorized users from running the program.

You can include simple MD5 or CRC checks and the like to verify that code has not been modified at startup or other intervals --but employing such a system is tricky. You'll have to do some research.

There is no way to prevent someone from copying your program to another PC. To date, the best way to prevent someone from executing your program on an unauthorized PC is by using a dongle, which is not cheap to manufacture or buy.

Unless your program is so slick that it threatens Microsoft's/IBM's/Sun's/etc. future revenue, I doubt that you really have too much to worry about someone trying to steal your secrets. Using a program is usually enough for experienced programmers to have a pretty good idea of what is going on behind the scenes.

Hope this helps.

Thanks so much. It is really very helpful although I will follow your direction to get the point I want to. It is really very important to have some guard to protect my model hebind the scene. Many thanks again.

What you want isn't technically "security related issues" but "copy protection" issues. The link lists various copy restriction schemes.

You can always compile your python code to a native binary to make it less crackable.

Python is an interpreted language, which byte-compiles itself; both factors make it more crackable than non-interpreted languages like C, C++ and Pascal. So compiling to a native executable helps here a little. But not a whole lot. In general though, once compiled you have guarded your code against most people.

Passwords are used to prevent unauthorized users from running the program.

You can include simple MD5 or CRC checks and the like to verify that code has not been modified at startup or other intervals --but employing such a system is tricky. You'll have to do some research.

There is no way to prevent someone from copying your program to another PC. To date, the best way to prevent someone from executing your program on an unauthorized PC is by using a dongle, which is not cheap to manufacture or buy.

Unless your program is so slick that it threatens Microsoft's/IBM's/Sun's/etc. future revenue, I doubt that you really have too much to worry about someone trying to steal your secrets. Using a program is usually enough for experienced programmers to have a pretty good idea of what is going on behind the scenes.

Hope this helps.

Edited 3 Years Ago by diafol: fixed formatting

...There is no way to prevent someone from copying your program to another PC. To date, the best way to prevent someone from executing your program on an unauthorized PC is by using a dongle, which is not cheap to manufacture or buy.
...

Agreed, a dongle is a good way to go, but it's expensive.

Another approach is to develop a configuration-based system. A simple example involves looking at the MAC address of the first (hardware) network interface. When the customer first runs the program he has to "register" with you. The program says "enter key or send email to jliu66 with the following text", followed by some cryptic series of digits based on the MAC address, however you choose to hide it. Make sure the same MAC address produces the same series of digits, so there's no change over time.

When you get a "registration email" you extract the MAC address from the cryptic sequence of digits and, using your own secret hash algorithm, produce a "key" which is a different sequence of digits that maps to the MAC address. Send that back to the customer as the "key" to make the program work on that computer. They run the program, enter the key and your program uses the same secret hash algorithm to verify the key matches the hashed MAC address. If OK, save the key somewhere so your code can check it on startup without having to ask the user every time.

If the user moves the program to a different computer, its MAC address will be different and they can't run the program.

Of course you don't need to limit yourself to a MAC address. You can extend the key with any handy configuration objects such as CPU serial number, boot drive volume ID, RAM size, etc. Be prepared to decide what to do if the customer changes the configuration, though.

As has been already noted, even compiled Python can be cracked by a determined hacker. So you want to make that as difficult as possible. Don't put all your checking code in one module. Break all the rules of software engineering. Set global variables in different routines and combine them in others. If a key is present, start running the program and make incremental checks, perhaps as you are processing input data or asking for options. Use threads that stall frequently. Checksum code just before calling it to ensure no breakpoints have been inserted. If the checksum fails, arrange for things to go wrong later, perhaps via judicious use of the code() function. Every funky thing you do complicates the life of the hacker.

Remember, all you can hope to do is make it so hard as to be not worthwhile. How hard that should be depends on how expensive your code is.

This article has been dead for over six months. Start a new discussion instead.