Re: distribute Pylons app with bytecode files only?
On Mon, Jul 7, 2008 at 5:48 PM, Cliff Wells [EMAIL PROTECTED] wrote: Sometimes this type of security is required (by law or PHB's), but most people who ask this sort of question are simply following a cargo-cult mentality of believing that source code must be kept secret, without much thought as to why and what the risks/benefits really are. If your code is so unique as to be worth protecting this way then it's probably worth patenting whatever amazing algorithm it contains. If it's not worth the few thousand dollars you'll spend applying for a patent, then it's probably not worth the few thousand dollars of development time you'll spend trying (almost certainly unsuccessfully) to protect your code by technological means. I think this is the most important statement around. After all it's all binary which can be turned into opcodes which can be turned into ASM which can be turned into C,etc. There is no way you can't hide something that is supposed to run on the client machine from the client. So if you want to do it for being cool, go ahead if not use the correct way. Someone ones said, any security scheme can be broken with enough time in your hands. Cliff --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups pylons-discuss group. To post to this group, send email to pylons-discuss@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~--~~~~--~~--~--~---
Re: distribute Pylons app with bytecode files only?
Hi Phlee, it is true that it is possible to decompile bytecode python but it is also true that it is possible to decompile or disassemble any language. That in itself does not make it worthless for two reasons: The first is that it is illegal (if you say so in the license). How easy it is to open the front door of your house? that does not mean anybody does it. People have sued and have won trials in similar circumstances. VB and C# sell because they claim compilation protection but it is not better than in Python. In the specific case of web2py. web2py does one more step before bytecode compiling. It translates all view hierarchy for every action into a single python file (resolves all extended and included templates into one view, and then tuns the html into python code), the it bytecode compiles it. It manly does this to serve pages faster without parsing and string substitution at runtime. This also means that even if they were to decompile it, they would not get exactly the original code and what they'd get would not be too easy to turn into a working web2py application. I am here temporarily so if you have questions we have a google list for web2py. Massimo P.S. Sorry for intruding but I thought this was relevant. Pylons rocks! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups pylons-discuss group. To post to this group, send email to pylons-discuss@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~--~~~~--~~--~--~---
Re: distribute Pylons app with bytecode files only?
Thanks, all I didn't know that by just decompiling bytecode, the source code could be easily derived Will this fact be a limitation for Python apps on embedded systems? I think source code protection seems to be a great concern when deploying apps on embedded systems. On 7月4日, 上午9時40分, Shannon -jj Behrens [EMAIL PROTECTED] wrote: In the past, I worked at a company that stored all Python encrypted in a Berkeley DB and then used a custom import hook to get at it. -jj On Thu, Jul 3, 2008 at 8:45 AM, Dean Landolt [EMAIL PROTECTED] wrote: You do realize it's trivial to decompile python bytecode, right? If you're that worried about your IP, don't code in python. Of course, given enough effort you can pretty much decompile anything. So if you're that worried, perhaps you shouldn't distribute that code at all -- just provide a web service. On Thu, Jul 3, 2008 at 7:05 AM, phlee [EMAIL PROTECTED] wrote: Hi, all Is it possible to distribute a Pylons app in which only .pyc (or .pyo) files are included? If not, can I just say web2py is currently the only Python web framework supporting bytecode distribution? -- It's a walled garden, but the flowers sure are lovely!http://jjinux.blogspot.com/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups pylons-discuss group. To post to this group, send email to pylons-discuss@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~--~~~~--~~--~--~---
Re: distribute Pylons app with bytecode files only?
2008/7/6 phlee [EMAIL PROTECTED]: I didn't know that by just decompiling bytecode, the source code could be easily derived Will this fact be a limitation for Python apps on embedded systems? I think source code protection seems to be a great concern when deploying apps on embedded systems. You'd have to ask an embedded systems businessman; it's not really a Python question. Many of the people on this list are fans of open-source software, so making code obscure is not one of our top priorities, and for some it's an anti-priority. But embedded software is much more specific to its device than general PC software is, so even if you have the source there's not as much you can do with it. The situation is not much different from Javascript. You can't hide Javascript if you want it to run on the user's computer, but that doesn't stop companies from making money with Javascript applications. -- Mike Orr [EMAIL PROTECTED] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups pylons-discuss group. To post to this group, send email to pylons-discuss@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~--~~~~--~~--~--~---
