On Jan 23, 12:38 pm, "Diez B. Roggisch" <de...@nospam.web.de> wrote:
> kt83...@gmail.com wrote:
>
> > My company provides some services online, which now they are planning
> > to make it offline and sell to customers who can use it in their
> > networks.
> >
> > One of our major moneywinners is some data which is stored in a
> > database. Now, this data inside the database was obtained after paying
> > through the nose - so the company does not want to disclose the data
> > in the DB to the outside world - not to mention the lawsuits which the
> > original providers of data will start which will sink the company if
> > the data goes out.
> >
> > Now, the code is in Python - and we have a big problem. How to secure
> > the data in DB? One idea was to encrypt it and store the password in
> > the code. I don't believe security through obscurity - and python code
> > can easily be reverse-engineered too - right?
> >
> > Is it even possible to secure a data in this case?
>
> No. And that has nothing to do with python. If the data is valuable, it
> will be deciphered from a compiled piece of code in no time. Believe me,
> I work for a company that sells a C++-software with protective measures
> of various kinds. It gets hacked. Fact of life.
>
> You could try and raise the bar, as e.g. skype does, with an onion-kind
> of code-encryption-scheme. But even *that* is analyzed. And it is
> nothing that is done easily and without major impact on your source, so
> you might need quite a bit of time to get it right. Is that covered by
> the expected revenues?
>
> And even if one doesn't want to hack into the system, if there is an
> interface to the data, who stops your users from exploiting that
> automatically to access all the data in the DB somehow?
>
> Diez

Thank you very much Diez. This was my fear.

Anyways, if we can make it real hard for them to analyze also, I think we are in the good - esp since the clients are not extremely rich enough to go for professional analyzers.

What is the Skype method? The code is not huge - less than 20K LOC so, code encryption looks somewhat OK - would you be able to direct me to any hints on this?

Another option that I was thinking was to automatically generate the password for the database - re-encrypt every 1 hr - and store the password inside the code itself. Is that possible in Python? i.e. changing the code itself.

KT

--
http://mail.python.org/mailman/listinfo/python-list
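
What "store the password in the code" leaves inside a shipped Python module, as an added example that is not part of the original thread: a pre-release audit that compiles a module and lists the string constants in its code objects that look like keys. The sample module, its two password values, the function names and the length and entropy thresholds are all constructed for illustration.

```python
import math
import types

# Constructed sample: a module that keeps the DB password "inside the code".
# It is only compiled, never executed, so connect() need not exist.
SAMPLE_SOURCE = '''
def open_db():
    password = "k9X2vQ7mLp4Zt8Rw"   # constructed value, not a real secret
    return connect("data.db", password)

class Store:
    def rekey(self):
        return "Jb3Nc6Yd1Hs5Ga0F"   # constructed value, not a real secret
'''

def shannon_entropy(s):
    """Bits per character of the string's empirical character distribution."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def embedded_strings(code):
    """Yield (function name, string) for a code object and every nested one."""
    for const in code.co_consts:
        if isinstance(const, str):
            yield code.co_name, const
        elif isinstance(const, types.CodeType):
            # Functions, methods and class bodies are stored as nested constants.
            yield from embedded_strings(const)

def audit(source, min_len=12, min_entropy=3.5):
    """Return the string constants in compiled code that look like keys."""
    code = compile(source, "<shipped module>", "exec")
    return [(name, s) for name, s in embedded_strings(code)
            if len(s) >= min_len and shannon_entropy(s) >= min_entropy]

if __name__ == "__main__":
    for name, value in audit(SAMPLE_SOURCE):
        print(f"{name}: {value!r}")
```

The same constants are present in the `.pyc` files a distribution ships, which is why regenerating the password every hour and writing it back into the code changes the value but not its exposure.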