kt83...@gmail.com schrieb:
My company provides some services online, which now they are planning
to make it offline and sell to customers who can use it in their
networks.
One of our major moneywinners is some data which is stored in a
database. Now, this data inside the database was obtained after paying
through the nose - so the company does not want to disclose the data
in the DB to the outside world - not to mention the lawsuits which the
original providers of data will start which will sink the company if
the data goes out.
Now, the code is in Python - and we have a big problem. How to secure
the data in DB? One idea was to encrypt it and store the password in
the code. I dont believe security through obscurity - and python code
can easily be reverse-engineered too - right?
Is it even possible to secure a data in this case?
No. And that has nothing to do with python. If the data is valuable, it
will be decyphered from a compiled piece of code in no time. Believe me,
I work for a company that sells a C++-software with protective measures
of various kinds. It gets hacked. Fact of live.
You could try and raise the bar, as e.g. skype does, with an onion-kind
of code-encryption-scheme. But even *that* is analyzed. And it is
nothing that is done easily and without major impact on your source, so
you might need quite a bit of time to get it right. Is that covered by
the expected revenues?
And even if one doesn't want to hack into the system, if there is an
interface to the data, who stops your users from exploiting that
automatically to access all the data in the DB somehow?
Diez
--
http://mail.python.org/mailman/listinfo/python-list
