On 2018-10-02 00:41, Chris Angelico wrote: > On Tue, Oct 2, 2018 at 12:01 PM Chandana Pattanayak > <chandana.pattana...@patterneffectslabs.com> wrote:
>> I have a requirement to provide basic code protection for a module in our >> product suite. With python 3.6 the .pyc files are created under pycache , >> so if i remove the py file the module is not found anymore. > > If you want code protection, the ONLY reliable way to do it is to not > provide the code *at all*, in any form. That generally means hosting > your application on some sort of server and granting access that way > (eg through a web browser interface). Shipping only .pyc files does > not protect your code - it merely obscures it a little. I can support that. Before retiring, I worked for a vendor of SCADA/EMS for large electric utilities. Since our systems were responsible for operating their critical infrastructure, NERC CIP[1] standards required them to only obtain systems that underwent regular security audits. We sent one of our systems to the NSTB[2] for such an audit. It included only executables, no source code. Yet, when the NSTB sent us their report, they were able to say things like "Lines x-y of zzzz.c have the following vulnerability." Those guys were (are) *sharp*. [1] <https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx> [2] <https://www.energy.gov/oe/technology-development/energy-delivery-systems-cybersecurity/national-scada-test-bed> -- Michael F. Stemper Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark to read. -- https://mail.python.org/mailman/listinfo/python-list
