Obfuscation can make the code less readable, but it won't provide strong security. There are Python tools like *pyobfuscate *that can be used for this purpose. However, keep in mind that this is not encryption, and determined attackers can still reverse engineer obfuscated code. While you can encrypt your code, it needs to be decrypted at runtime, which means the decryption key needs to be available on the client's server. This introduces a potential vulnerability. An attacker with access to the server might still be able to retrieve the decryption key. You can compile Python source code into bytecode (*.pyc *files). This makes it more difficult to read the code but doesn't provide strong security. Python bytecode can still be decompiled, and tools like uncompyle6 can be used to reverse the process. Instead of sending the decryption key directly to the client, consider having the client make requests to a licensing server. The server could respond with a token or key that is used for decryption on the client's server. This way, the decryption key is not directly exposed. Implement integrity checks within your Django application. Periodically verify that the code on the client's server matches the expected checksum. If modifications are detected, the application could refuse to run. Sign your code and verify the signature at runtime. This helps ensure that the code has not been modified. However, the keys used for signing need to be securely stored. Consider packaging your Django application within a container (*e.g., Docker*). This can provide some isolation and control over the runtime environment.
On Monday, November 13, 2023 at 6:54:46 PM UTC+5 Om Khade wrote: > I want to sell my Django product on a subscription basis to the client and > set up the server on their server while ensuring that the code is not > tampered with. For this I need a way to save the Django project in an > encrypted format and Decrypt the files in RAM using a password that the > client can get by sending a request to my licensing server. > > Is there a way to do this? our a better mechanism to deploy my Python > project on client-server without them tampering the code. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/af6291d7-620f-4132-93a1-f4e99f7d2a6en%40googlegroups.com.
