保护Python源代码 [英] Protecting Python source
问题描述
嗨pythonistas,
我正在寻找与最终用户一起部署应用程序的方法,因此,对于
,python代码是防篡改的。我有什么选择?
我明白我可以提供.pyc或.pyo文件,但他们可以很容易地进行逆向工程我知道了。
是否可以从zip文件加载脚本,其中zip文件
受密码保护?
任何其他想法?
非常感谢,
艾伦
Hi pythonistas,
I am looking for methods of deploying applications with end users so
that the python code is tamper proof. What are my options ?
I understand I can supply .pyc or .pyo files but they can easily be
reverse engineered I am told.
Is it possible to load the scripts from zip files where the zip files
are password protected ?
Any other ideas ?
Many thanks,
Alan
推荐答案
在2004年11月26日星期五上午07:01:27 -0800,Alan Sheehan写道:
On Fri, Nov 26, 2004 at 07:01:27AM -0800, Alan Sheehan wrote:
嗨pythonistas,
我正在寻找与最终用户一起部署应用程序的方法所以说python代码是防篡改的。 [...]
Hi pythonistas,
I am looking for methods of deploying applications with end users so
that the python code is tamper proof. [...]
要获得更有意义的答案,请详细说明
防篡改的含义。什么是攻击者场景?是否有嵌入在Python源代码中的外部
系统的密码,或者有什么关于它的交易?
- Gerhard
----- BEGIN PGP SIGNATURE -----
版本:GnuPG v1.2.4(GNU / Linux)
iD8DBQFBp0eqdIO4ozGCH14RAoqDAJ4ub7NKq7fTd + 28oKG6rt LxWsP + WgCgmFZQ
UQlXTe8qpcUKITzGhegBdXo =
= 7 / id
----- END PGP SIGNATURE ---- -
To get more meaningful answers, please expand on what exactly you mean with
"tamper proof". What is the attacker scenario? Are there passwords for external
systems embedded in the Python source code, or what''s the deal about it?
-- Gerhard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBp0eqdIO4ozGCH14RAoqDAJ4ub7NKq7fTd+28oKG6rt LxWsP+WgCgmFZQ
UQlXTe8qpcUKITzGhegBdXo=
=7/id
-----END PGP SIGNATURE-----
Alan Sheehan写道:
Alan Sheehan wrote:
嗨pythonistas,
我正在寻找部署方法最终用户的应用程序,以便python代码是防篡改的。我有什么选择?
我知道我可以提供.pyc或.pyo文件,但我知道它们可以很容易地进行逆向工程。
如果你想要防止的只是偶然的用户修改,只需发货编译
字节码就足够了。 (是的,*可以*反编译,但是一个随便的用户
不会打扰,只不过他们打扰拆解标准二进制文件了。)
对于稍微大一点的混淆,将你希望隐藏的关键部分推入一个
C / C ++扩展模块。
没有什么可做的然而,任何能够有效逆向工程纯C ++程序的人都能够很快地解释如何解释.pyc文件。
是否可以从zip文件中加载zip文件
受密码保护的脚本?
Hi pythonistas,
I am looking for methods of deploying applications with end users so
that the python code is tamper proof. What are my options ?
I understand I can supply .pyc or .pyo files but they can easily be
reverse engineered I am told.
If all you want to prevent is casual user tinkering, just shipping compiled
bytecode is probably enough. (yes it *can* be decompiled, but a casual user
isn''t going to bother, any more than they bother disassembling standard binaries).
For slightly greater obfuscation, push the key parts you wish to obscure into a
C/C++ extension module.
There''s nothing to be done to stop the determined cracker, though, as anyone who
can effectively reverse engineer pure C++ programs is going to be able to figure
out how to interpret .pyc files pretty quickly.
Is it possible to load the scripts from zip files where the zip files
are password protected ?
自解释器需要阅读你的zipfile,有潜在的问题
。不过,我相信它可以做到。你需要一个C扩展模块
知道密码并安装了一个自定义导入钩子来处理打开
zip文件。并且拆解扩展模块也会给攻击者提供密码,从而允许他们访问zipfile。
所以,正如Gerhard所说,这真的取决于你的意思是防篡改。
干杯,
尼克。
Since the interpreter needs to read your zipfile, there are potential problems
with that. I believe it could be done, though. You''d need a C extension module
which knew the password and installed a custom import hook to handle opening the
zip file. And disassembling the extension module would also give an attacker
the password, thus allowing them access to the zipfile.
So, as Gerhard said, it really depends on what you mean by "tamper proof".
Cheers,
Nick.
ad*******@eircom.net (Alan Sheehan)写道:
ad*******@eircom.net (Alan Sheehan) writes:
嗨pythonistas,
我正在寻找与最终用户部署应用程序的方法,以便python代码是防篡改的。我有什么选择?
我知道我可以提供.pyc或.pyo文件,但我知道它们可以很容易地进行逆向工程。
是否有可能从zip文件中加载zip文件
受密码保护的脚本?
任何其他想法?
Hi pythonistas,
I am looking for methods of deploying applications with end users so
that the python code is tamper proof. What are my options ?
I understand I can supply .pyc or .pyo files but they can easily be
reverse engineered I am told.
Is it possible to load the scripts from zip files where the zip files
are password protected ?
Any other ideas ?
创建py2exe分发,最简单和最有效的
的事情是为源档案指定不同的扩展名,也许是
app.lib而不是library.zip。这样,至少没有暗示
是一个zip存档。
对于密码,没有很多zipfile密码那里的破解者?
即使在受密码保护的zipfile中,你仍然可以看到
文件名iirc,除非改变了。
Thomas
For py2exe created distributions, the simplest and imo most effective
thing is to specify a different extension for the source archive, maybe
app.lib instead of library.zip. This way, there''s at least no hint that
is is a zip archive.
For passwords, aren''t there lots of zipfile password crackers out there?
And even in a password protected zipfile you are still able to see the
filenames iirc, and unless that has changed.
Thomas
这篇关于保护Python源代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
