On Wed, Sep 16, 2015 at 2:40 AM, Grant Edwards <invalid@invalid.invalid> wrote: > On 2015-09-15, Chris Angelico <ros...@gmail.com> wrote: >> >>> I you may be underestimating the laziness and overestimating the >>> cleverness of most people. ;) >> >> Heh :) But in that case, you can probably get away with just >> zipimport. Deflation sure isn't encryption, but the code is pretty >> thoroughly concealed anyway. > > I agree completely. There are three categories of protection: > > 1) The program never leaves your computer. > > 2) Obfuscation to deter the idle curious from mucking about. > > 3) Put the source code on the interwebs.
Agreed. #3 is the protection that I use for most of my code, and it's protected me several times from a threat that's far more serious (in my mind) than someone ripping off my code: it's kept my code safe from hard drive failures. Yeah, nothing like seeing errors spewing off a drive that's suddenly died to make you appreciate distributed source control! (Oh look, my private key is no longer accessible. How terrible... I have to go to GitHub and register a new public key before I can continue development. That's gonna set me back... five whole minutes!) #1 wasn't really viable until the always-on internet connection became a normal thing, but today, it's actually pretty easy. Shove your application up onto cheap hosting somewhere, and make it accessible via the web... anyone can do it, and your code needs no obfuscation to be truly secure. > In category 2 you find the single-file/directory-app bundlers[1] > (which IIRC mostly use something like zipimport) and various other > "encryption" wrappers. They all provide pretty much the same minimal > "protection". > > [1] Most of which are intended to provide ease of distribution and > installation -- the obfuscation is mostly a side-effect. Right. Anyone who thinks zipapp is good for security is wrong, but it sure can be handy for packaging up a one-click "here, download and run this" Windows .exe file. Any obfuscation should be seen as a freebie, on par with the toy you get in a fast-food meal. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
