20

I'm building a fairly complex interpreted program in Python. I've been working on most of this code for other purposes for a few months, and therefore don't want my client to be able to simply copy and try to sell it, as I think it's worth a fair amount.

The problem is that I need the script to run on a server that my client is paying for, so is there any way I can secure a particular folder on the machine from root access, or make it so only one particular user can access the directory? The OS is Ubuntu.

6 Answers

40

License it.

Really, that's all!

orlp
  • 2,496
9

You can always compile all your files to byte code (pyc). There are decompilers out there that can generate source code out of it, but nothing serious.

However, that will just solve the ability to read the code of your program. To protect it, the only way is to license it, as nightcracker said, because even if you compiled your code to, let's say, machine code, if your work is not protected by a license, it can still be commercialized against your will.

Bottom line: compile to byte code and, more importantly, license it.
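
Added example (not part of the answer above): it shows what a compiled `.pyc` payload still exposes through the standard library alone, without any decompiler. The sample module and the names `API_SECRET` and `price_quote` are constructed for illustration.

```python
import marshal
import types

# Constructed sample module standing in for proprietary code.
SAMPLE_SOURCE = '''
API_SECRET = "constructed-demo-value"

def price_quote(base_cost, margin_rate):
    surcharge = base_cost * margin_rate
    return round(base_cost + surcharge, 2)
'''


def compile_to_pyc_payload(source, filename="client_module.py"):
    """Return the marshalled code object, i.e. the body of a .pyc file
    (a real .pyc file puts a short header in front of these bytes)."""
    return marshal.dumps(compile(source, filename, "exec"))


def recover_metadata(payload):
    """Walk the unmarshalled code objects and collect what is stored in
    clear form: global names, local names, string constants, functions."""
    found = {"names": set(), "locals": set(), "strings": set(), "functions": set()}
    stack = [marshal.loads(payload)]
    while stack:
        code = stack.pop()
        found["names"].update(code.co_names)
        found["locals"].update(code.co_varnames)
        for const in code.co_consts:
            if isinstance(const, types.CodeType):  # nested function body
                found["functions"].add(const.co_name)
                stack.append(const)
            elif isinstance(const, str):
                found["strings"].add(const)
    return found


if __name__ == "__main__":
    info = recover_metadata(compile_to_pyc_payload(SAMPLE_SOURCE))
    for kind, values in sorted(info.items()):
        print(f"{kind:10s} {sorted(values)}")
```

Running the same check against your own compiled modules before delivery shows which identifiers and string literals ship with them.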

7

Use Cython. This will allow you to compile your program as a native executable. Then it should be much harder to steal.

As for the directory, the only advice I can give you is make sure you've got your permissions set up correctly. ACLs may be your friend, although I'm not 100% sure that they can restrict root from accessing a file. Even if they could, root could still just change the permission. He's root, he's god -- that's just how these things work.

http://www.korokithakis.net/node/109

1

I'd suggest licensing, too. On top of licensing, let's encrypt the source code of the main routines using an asymmetric key algorithm so that only your client's machine can run it. One of the keys in the pair would be something obtained from the hardware (example: network card's serial number) of your client's machine. Use the other key in the pair to decrypt the source code when running the program. Note that the only deliverable in plaintext would be the decryption routine and the rest would be in ciphertext.

This way your client can copy-and-paste your seemingly gibberish code but can't run it elsewhere. My suggestion is not completely bullet-proof, however: the interpreter may store the decrypted program somewhere in memory. Then it is possible that some hacker retrieves your program in plaintext during execution, I guess.

As for preventing folders from root access, I agree that root can't be stopped from accessing any files/folders.

1

As the user above showed, disassemblers can get the code back, but as yet it is not very readable (at least not for the open source disassemblers).

I was thinking about this, and one way that I think you could solve this problem (if you call forced open code a problem) is to write an automatic refactoring script. This would be fairly simple actually. You would just feed the script your module, and it would rename all the module-specific variables. This, along with only releasing the compiled file, would do a lot to obfuscate your code.

Doing a search on PyPI, I found this: http://pypi.python.org/pypi/pyfuscate/0.1 . You should check it and others like it out and report back :D

Also: You should also License it, of course.

0

Licensing is the best answer here. That said, why does it have to run on their gear? If it is so critically important you might want to spring for a service and build some sort of service API around things so folks can't even see your intellectual property to steal it.

Wyatt Barnett
  • 20,787