Python 应用程序:您能以某种方式保护您的代码吗?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/475216/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Python Applications: Can You Secure Your Code Somehow?
提问by Eddie Parker
If there is truly a 'best' way, what isthe best way to ship a python app and ensure people can't (easily) reverse engineer your algorithms/security/work in general?
如果真的有“最佳”方式,那么发布Python 应用程序并确保人们不能(轻松)对您的算法/安全性/工作进行逆向工程的最佳方式是什么?
If there isn't a 'best' way, what are the different options available?
如果没有“最佳”方式,有哪些不同的选择?
Background: I love coding in Python and would love to release more apps with it. One thing that I wonder about is the possibility of people circumventing any licensing code I put in, or being able to just rip off my entire source base. I've heard of Py2Exe and similar applications, but I'm curious if there are 'preferred' ways of doing it, or if this problem is just a fact of life.
背景:我喜欢用 Python 编码,并且很想用它发布更多的应用程序。我想知道的一件事是人们是否有可能绕过我输入的任何许可代码,或者能够窃取我的整个源代码库。我听说过 Py2Exe 和类似的应用程序,但我很好奇是否有“首选”的方法来做,或者这个问题是否只是一个现实。
回答by Matthew Flaschen
Security through obscurity neverworks. If you must use a proprietary license, enforce it through the law, not half-baked obfuscation attempts.
默默无闻的安全永远不会奏效。如果您必须使用专有许可,请通过法律强制执行,而不是半生不熟的混淆尝试。
If you're worried about them learning your security (e.g. cryptography) algorithm, the same applies. Real, useful, security algorithms (like AES) are secure even though the algorithm is fully known.
如果您担心他们学习您的安全(例如密码学)算法,同样适用。真实、有用的安全算法(如 AES)是安全的,即使该算法是完全已知的。
回答by Bill Karwin
Even if you use a compiled language like C# or Java, people can perform reverse engineering if they are motivated and technically competent. Obfuscation is not a reliable protection against this.
即使您使用 C# 或 Java 等编译语言,如果人们有动力且技术上胜任,他们也可以执行逆向工程。混淆不是对此的可靠保护。
You can add prohibition against reverse-engineering to your end-user license agreement for your software. Most proprietary companies do this. But that doesn't prevent violation, it only gives you legal recourse.
您可以将禁止逆向工程添加到您的软件的最终用户许可协议中。大多数专有公司都这样做。但这并不能防止违规,它只会为您提供法律追索权。
The bestsolution is to offer products and services in which the user's access to read your code does not harm your ability to sell your product or service. Base your business on service provided, or subscription to periodic updates to data, rather than the code itself.
将最好的解决方案是提供产品和服务,其中用户的访问阅读您的代码不会伤害你的推销自己的产品或服务的能力。将您的业务基于所提供的服务或订阅数据的定期更新,而不是代码本身。
Example: Slashdot actually makes their code for their website available. Does this harm their ability to run their website? No.
示例:Slashdot 实际上使他们的网站代码可用。这是否会损害他们运行网站的能力?不。
Another remedy is to set your price point such that the effort to pirate your code is more costly than simply buying legitimate licenses to use your product. Joel Spolsky has made a recommendation to this effects in his articles and podcasts.
另一个补救措施是设置您的价格点,这样盗版您的代码的成本比简单地购买合法许可证来使用您的产品的成本更高。Joel Spolsky 在他的文章和播客中推荐了这种效果。
回答by Koen Bok
Shipping a commercial mac desktop appin Python, we do exactly as described in the other answers; protect yourself by law with a decent EULA, not by obfuscating.
使用Python 发布商业 mac 桌面应用程序,我们完全按照其他答案中的描述进行操作;使用体面的 EULA 通过法律保护自己,而不是通过混淆。
We have never had any troubles with people reverse engineering our code. And if we do, I feel confident we can take legal action. So yes, it's a fact of life. But one that is not too hard to live with. Just get a decent lawyer that writes a decent EULA.
我们从来没有遇到过任何逆向工程我们代码的麻烦。如果我们这样做,我有信心我们可以采取法律行动。所以,是的,这是生活中的事实。但一种不太难忍受的。找一个像样的律师来写一份像样的 EULA。
回答by alsuren
The word you're looking for is obfuscate. A quick google reveals:
您要查找的词是模糊的。一个快速的谷歌揭示:
http://www.lysator.liu.se/~astrand/projects/pyobfuscate/
http://www.lysator.liu.se/~astrand/projects/pyobfuscate/
but:
但:
a) If copyright infringement becomes a problem, then the law is on your side (as long as you include the appropriate copyright notices in all files).
a) 如果侵犯版权成为一个问题,那么法律站在您这边(只要您在所有文件中包含适当的版权声明)。
b) It's also possible to make a profit on open source applications if you're clever about it.
b) 如果您很聪明,也可以从开源应用程序中获利。
c) If you want your Intellectual Property to be truly secure, then the only answer is to not let anyone have it in the first place: Write your application as a web app, (I recommend using django) and only your web hosting provider has access to your code.
c) 如果您希望您的知识产权真正安全,那么唯一的答案就是首先不要让任何人拥有它:将您的应用程序编写为网络应用程序,(我建议使用 django)并且只有您的网络托管服务提供商拥有访问您的代码。
回答by George
py2exe
py2exe
On windows py2exe is one way of shipping code to end-users, py2exe bundles the python interpreter, the necessary dlls and your code compiled to python bytecode.
在 Windows 上,py2exe 是向最终用户发送代码的一种方式,py2exe 捆绑了 python 解释器、必要的 dll 和编译为 python 字节码的代码。
Here are the python bytecode instructions to get some clue what it looks like:
以下是 python 字节码指令,以获取一些线索:
http://www.python.org/doc/2.5.2/lib/bytecodes.html
http://www.python.org/doc/2.5.2/lib/bytecodes.html
Or you can use disto disassemble some pyc/pyo files.
或者你可以使用dis反汇编一些 pyc/pyo 文件。
So, using py2exe is similar to distributing compiled python (pyc/pyo) files.
因此,使用 py2exe 类似于分发已编译的 python (pyc/pyo) 文件。
Shedskin C++ compiler
Shedskin C++ 编译器
The Shedskin compiler compiles a subset of python to C++ which you can compile to native code using any compiler.
Shedskin 编译器将 Python 的一个子集编译为 C++,您可以使用任何编译器将其编译为本机代码。
pypy
皮皮
I don't know about PyPy too much. According to their docs Pypy is able to generate C code.
我不太了解 PyPy。根据他们的文档,Pypy 能够生成 C 代码。
