如何保护Python源免受修改 [英] How to protect Python source from modification

问题描述

大家好


我正在编写一个多用户会计/业务系统。数据存储在数据库（Linux上的PostgreSQL，Windows上的SQL Server）中。我已经写了在客户端上运行的
a Python程序，它使用wxPython作为gui，

并通过TCP / IP连接到数据库。


客户端程序包含所有身份验证和业务逻辑。

我突然意识到任何人都可以通过修改

程序来绕过它。因为它是用Python编写的，有了源代码，所以这将是非常容易的。我的目标市场很好地延伸到中档，但是我认为任何首席财务官都不会考虑使用一个如此开放的程序来操纵。


我能想到的唯一真正安全的解决方案将涉及一个激进的

重组我的程序，所以我写的是看是否有人有

更简单的建议。这是一个想法。


1.编写一个在服务器上运行的套接字服务器程序。套接字

服务器是唯一连接数据库的程序。客户端

程序连接到服务器，服务器对数据库的客户端进行身份验证，然后监听来自客户端的请求。


2.设计我自己的协议，用于客户端和服务器之间的通信。

对于选择，客户端发送请求，服务器检查权限，

然后从中检索数据数据库并将其传递给客户端。

对于更新，客户端传递要更新的数据，服务器

根据其业务逻辑检查它，然后更新数据库。


存在应该维护状态的问题。如果在

服务器上，我必须保持所有客户端/服务器连接都打开，

并保持所有会话的状态，这将会产生相当大的影响。 />
加载服务器。如果在客户端，我将不得不重新组织我的

思考更多，但这将有一个优势 - 我将

最终想要编写一个浏览器界面，这个在概念上会更接近
，所以这两种方法非常相似。


这就提出了一个问题，即我是否应该打扰gui

客户端，或咬紧牙关，只有一个基于浏览器的前端。

从最近关于Ajax等新技术的评论来看，很多

的缺点已经克服了，所以也许这就是通过这种方式来获取价格。


废弃我所付出的所有努力将是一种耻辱进入我的

基于wxPython的前端。另一方面，

继续采用永远不会给我我想要的方法是毫无意义的。

任何有助于澄清我的想法的建议都将是非常感谢。


谢谢


Frank Millman

Hi all

I am writing a multi-user accounting/business system. Data is stored in
a database (PostgreSQL on Linux, SQL Server on Windows). I have written
a Python program to run on the client, which uses wxPython as a gui,
and connects to the database via TCP/IP.

The client program contains all the authentication and business logic.
It has dawned on me that anyone can bypass this by modifying the
program. As it is written in Python, with source available, this would
be quite easy. My target market extends well up into the mid-range, but
I do not think that any CFO would contemplate using a program that is
so open to manipulation.

The only truly secure solution I can think of would involve a radical
reorganisation of my program, so I am writing to see if anyone has a
simpler suggestion. Here is the idea.

1. Write a socket server program that runs on the server. The socket
server is the only program that connects to the database. The client
program connects to the server, which authenticates the client against
the database and then listens for requests from the client.

2. Devise my own protocol for communication between client and server.
For selects, the client sends a request, the server checks permissions,
then retrieves the data from the database and passes it to the client.
For updates, the client passes up the data to be updated, the server
checks it against its business logic, and then updates the database.

There is the question of where state should be maintained. If on the
server, I would have to keep all the client/server connections open,
and maintain the state of all the sessions, which would put quite a
load on the server. If on the client, I would have to reorganise my
thinking even more, but this would have an advantage - I will
eventually want to write a browser interface, and this would be much
closer in concept, so the two approaches would be quite similar.

This raises the question of whether I should even bother with a gui
client, or bite the bullet and only have a browser based front end.
Judging from recent comments about new technologies such as Ajax, a lot
of the disadvantages have been overcome, so maybe this is the way to
go.

It would be a shame to scrap all the effort I have put into my
wxPython-based front end. On the other hand, it would be pointless to
continue with an approach that is never going to give me what I want.
Any advice which helps to clarify my thinking will be much appreciated.

Thanks

Frank Millman

推荐答案

Frank Millman写道：

Frank Millman wrote:

大家好

我正在编写一个多用户会计/业务系统。数据存储在数据库中（Linux上的PostgreSQL，Windows上的SQL Server）。我已经编写了一个在客户端上运行的Python程序，它使用wxPython作为gui，
并通过TCP / IP连接到数据库。

客户端程序包含所有身份验证和业务逻辑。
我突然意识到任何人都可以通过修改
程序来绕过它。因为它是用Python编写的，有了源代码，所以这很容易。我的目标市场一直延伸到中档，但我认为任何首席财务官都不会考虑使用一个如此开放的程序来操纵。 [...]

Hi all

I am writing a multi-user accounting/business system. Data is stored in
a database (PostgreSQL on Linux, SQL Server on Windows). I have written
a Python program to run on the client, which uses wxPython as a gui,
and connects to the database via TCP/IP.

The client program contains all the authentication and business logic.
It has dawned on me that anyone can bypass this by modifying the
program. As it is written in Python, with source available, this would
be quite easy. My target market extends well up into the mid-range, but
I do not think that any CFO would contemplate using a program that is
so open to manipulation. [...]

我的建议是使用py2exe或cx_Freeze打包你的应用程序。

然后它不是那么琐碎修改它。顺便说一句。你不需要发送

..py源代码文件，它只能发送.pyc字节码文件。


使用py2exe它甚至不是很明显你的应用程序是用
Python编写的。


这不是一个银弹，但至少它会重新编译/修改

你的应用程序不比使用Java（和/或我认为的.NET）更容易。


即便如此，即使你继续使用GUI方法，它可能是一个好主意，在单独的

模块中分解所有业务逻辑，这样你最终可以切换到Web应用程序或三层

模型没有太多的努力。


此外，根本没有必要花费无数个小时来实现你的

拥有网络协议。如果你真的想要将客户端和应用程序单独分离，那么为什么不使用简单的PyRO，甚至是XML / RPC。


HTH，


- Gerhard

My suggestion is to use py2exe or cx_Freeze to package your application.
It''s then not as trivial to modify it. Btw. you don''t need to ship the
..py source code files, it''s enough to ship only .pyc bytecode files.

Using py2exe it''s not even obvious that your application is written in
Python at all.

It''s not a silver bullet, but at least it makes recompiling/modifiying
your app not easier than with Java (and/or .NET I suppose).

That being said, even if you continue with the GUI approach, it may
still be a good idea to factor out all the business logic in a separate
module so you can eventually switch to a web application or a three-tier
model without too much effort.

Also, there''s no need at all to put in countless hours implementing your
own network protocol. If you really want to separate client and app
server, then why not use something simple as PyRO, or even XML/RPC.

HTH,

-- Gerhard

Frank Millman写道：

Frank Millman wrote:

我正在写一个多用户会计/业务系统。数据存储在数据库中（Linux上的PostgreSQL，Windows上的SQL Server）。我已经编写了一个在客户端上运行的Python程序，它使用wxPython作为gui，
并通过TCP / IP连接到数据库。

客户端程序包含所有身份验证和业务逻辑。
我突然意识到任何人都可以通过修改
程序来绕过它。因为它是用Python编写的，有了源代码，所以这很容易。我的目标市场一直延伸到中档，但我认为任何首席财务官都不会考虑使用一个如此开放的程序。

唯一我能想到的真正安全的解决方案将涉及对我的程序进行激进的重组

I am writing a multi-user accounting/business system. Data is stored in
a database (PostgreSQL on Linux, SQL Server on Windows). I have written
a Python program to run on the client, which uses wxPython as a gui,
and connects to the database via TCP/IP.

The client program contains all the authentication and business logic.
It has dawned on me that anyone can bypass this by modifying the
program. As it is written in Python, with source available, this would
be quite easy. My target market extends well up into the mid-range, but
I do not think that any CFO would contemplate using a program that is
so open to manipulation.

The only truly secure solution I can think of would involve a radical
reorganisation of my program

请定义真正安全的内容。对你意味着什么。


我想你会发现唯一的真正安全的解决方案是安装

您希望在用户无法访问物理访问权限的服务器上保护的关键身份验证和业务逻辑内容。


想要保护关键算法的人经常得出结论，他们需要有一个黑匣子。用户无法用物理打开的服务器。


或者你认为这个问题在某些方面对Python来说是独一无二的吗？您可能

没有意识到从安全角度来看唯一的区别

之间运送这样一个用Python编写的程序和一个写的，
$ b $比如说，C ++就是修改程序。

C ++有点单调乏味。这并不比默默无闻的安全更好;也许应该是

称为肥胖安全。 ;-)


但真正的答案确实很大程度上依赖于*确切*你需要什么样的安全性？（或者，最终，结果是什么）你真的需要，一旦你已经根据你在这里得到的反馈澄清了你的想法。问题

喜欢：你是否更关心检测变化，或者首先要阻止它们？b $ b？ （后者更难）;与您竞争的软件的性质是什么？
？ （它真的更安全吗，或者只是显然是这样吗？或许这只是一个营销问题）;你有没有想要在这里保护的任何知识产权，或者你只是想要避免偶然中断正常运作吗？

-Peter

Please define what "truly secure" means to you.

I think you''ll find that the only "truly secure" solution is to install
the critical authentication and business logic stuff that you want to
protect on a server to which the user does not have physical access.

People wanting to protect critical algorithms often conclude that they
need to have a "black box" server which cannot be physically opened by
the user.

Or do you think this issue is in some way unique to Python? You might
not realize that the only difference from a security point of view
between shipping such a program written in Python and one written in,
say, C++, is that "modifying the program" is somewhat more tedious with
C++. That''s no better than security by obscurity; maybe it should be
called "security by adiposity". ;-)

But the real answer does depend a lot on *exactly* what kind of security
you want (or, ultimately, what it turns out you really need, once you''ve
clarified your thinking based on the feedback you do get here). Issues
like: are you more concerned about detecting changes, or in preventing
them in the first place? (the latter is much harder); what is the nature
of software that competes with yours? (is it really any more secure, or
only apparently so? maybe this is just a marketing issue); and is there
any intellectual property that you are trying to protect here, or are
you just interested in avoiding casual disruption of normal operation?

-Peter

Gerhard H？ring写道：

Gerhard H?ring wrote:

Frank Millman写道：

Frank Millman wrote:

大家好

我正在编写一个多用户会计/业务系统。数据存储在数据库中（Linux上的PostgreSQL，Windows上的SQL Server）。我已经编写了一个在客户端上运行的Python程序，它使用wxPython作为gui，
并通过TCP / IP连接到数据库。

客户端程序包含所有身份验证和业务逻辑。
我突然意识到任何人都可以通过修改
程序来绕过它。因为它是用Python编写的，有了源代码，所以这很容易。我的目标市场一直延伸到中档，但我认为任何首席财务官都不会考虑使用一个如此开放的程序来操纵。 [...]
我的建议是使用py2exe或cx_Freeze打包你的应用程序。
然后修改它并不是那么简单。顺便说一句。你不需要发送
.py源代码文件，它只能发送.pyc字节码文件。

使用py2exe它甚至不是很明显你的应用程序完全用Python编写。

它不是一个银弹，但至少它会重新编译/修改你的应用程序不比使用Java更容易（和/或.NET我想）。

Hi all

I am writing a multi-user accounting/business system. Data is stored in
a database (PostgreSQL on Linux, SQL Server on Windows). I have written
a Python program to run on the client, which uses wxPython as a gui,
and connects to the database via TCP/IP.

The client program contains all the authentication and business logic.
It has dawned on me that anyone can bypass this by modifying the
program. As it is written in Python, with source available, this would
be quite easy. My target market extends well up into the mid-range, but
I do not think that any CFO would contemplate using a program that is
so open to manipulation. [...]
My suggestion is to use py2exe or cx_Freeze to package your application.
It''s then not as trivial to modify it. Btw. you don''t need to ship the
.py source code files, it''s enough to ship only .pyc bytecode files.

Using py2exe it''s not even obvious that your application is written in
Python at all.

It''s not a silver bullet, but at least it makes recompiling/modifiying
your app not easier than with Java (and/or .NET I suppose).

我的问题是，如果有人可以访问网络和一个

Python解释器，他们可以获得我的程序的副本并使用它来点击他们自己的客户端程序，该程序连接到

数据库。然后他们就可以执行任意SQL命令了。

话虽如此，即使你继续使用GUI方法，它仍然是一个好主意，可以分解出所有的业务逻辑。单独的
模块，这样您最终可以毫不费力地切换到Web应用程序或三层模型。


同意

此外，根本没有必要花费无数个小时来实现您自己的网络协议。如果你真的想要分离客户端和应用服务器，那么为什么不使用简单的PyRO，甚至是XML / RPC。


也许''协议''是错字。我已经有一个简单的socket

服务器程序在运行。如果解释我是怎么做的，也许你可以用
来表明PyRO或XML / RPC是否会让我的生活变得更轻松。


服务器程序目前被编程为从客户端程序接受许多

消息类型。每个消息的数据字符串

以数字前缀开头，表示消息的类型，

后跟一个pickle元组的参数。服务器程序读取

字符串，提取数字前缀，并使用子线程将其余字符串

传递给相应的函数。

例如，我会跟踪当前登录的用户。启动时，

客户端连接到我的服务器并发送1后跟他们的

用户ID和其他信息。服务器收到此消息并将

数据传递给''login''函数，该函数使用Python字典存储

信息。如果服务器检测到用户已经登录，则它会发回一个错误代码，客户端程序会显示一条消息

并终止。否则它会发回''ok''代码，客户端

可以继续。当客户端注销时，它发送一个''2''后跟

他们的用户ID，服务器接收并将其传递给''注销''

函数从字典中删除条目。


构成

消息的数字前缀和关联数据字符串系统就是我所说的协议。

HTH，

- Gerhard

My problem is that, if someone has access to the network and to a
Python interpreter, they can get hold of a copy of my program and use
it to knock up their own client program that makes a connection to the
database. They can then execute any arbitrary SQL command.
That being said, even if you continue with the GUI approach, it may
still be a good idea to factor out all the business logic in a separate
module so you can eventually switch to a web application or a three-tier
model without too much effort.

Agreed
Also, there''s no need at all to put in countless hours implementing your
own network protocol. If you really want to separate client and app
server, then why not use something simple as PyRO, or even XML/RPC.

Perhaps ''protocol'' is the wrong word. I already have a simple socket
server program running. If explain how I do it, perhaps you can
indicate whether PyRO or XML/RPC would make my life easier.

The server program is currently programmed to accept a number of
message types from the client program. Each message''s data string
starts with a numeric prefix, which indicates the type of message,
followed by a pickled tuple of arguments. The server program reads the
string, extracts the numeric prefix, and passes the rest of the string
to the appropriate function using a subthread.

For example, I keep track of who is currently logged in. On startup,
the client connects to my server and sends a ''1'' followed by their
userid and other information. The server receives this and passed the
data to a ''login'' function, which uses a Python dictionary to store the
information. If the server detects that the user is already logged in,
it sends back an error code and the client program displays a message
and terminates. Otherwise it sends back an ''ok'' code, and the client
can continue. When the client logs off, it sends a ''2'' followed by
their userid, which the server receives and passes it to a ''logoff''
function, which deletes the entry from the dictionary.

The system of numeric prefixes and associated data string making up a
message is what I mean by a protocol.
HTH,

-- Gerhard

谢谢


弗兰克

Thanks

Frank

这篇关于如何保护Python源免受修改的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！