On Mon, Mar 27, 2017 at 8:13 AM Rudi Hammad <[email protected]> wrote:
> Hello,
> So the studio has asked me to protect some code, because they are giving
> access to external people to it.
> I though that a way of doing it is, introducing in the code an import file
> as theLicense.py , so if that license file isn´t found, the code will not
> work. This license file is stored in the studio server, and no one know the
> root for it.
>
> So the code would be something like
>
>
> ------------------------------------------------------------------------------------------------------------------------------------
> import sys
> my_pth = '/theRoot/tool_lic_file'
> sys.path.append(my_pth)
> try:
> import theLicense
> except:
> cmds.warning("LICENSE NOT FOUND")
> sys.exit()
>
> ------------------------------------------------------------------------------------------------------------------------------------
>
> So what I publish is the .pyc. of that code.
> The problem is that when the code is compiled, if you open it, you´ll see
> something like:
>
>
> ------------------------------------------------------------------------------------------------------------------------------------
> ó
> ØXc s1 d z d[] d l[] z[] e[] gHd
> /theRoot/tool_lic_file append( ( ( s4 > s
>
> ------------------------------------------------------------------------------------------------------------------------------------
>
> As you can see, the root to the license is displayed in the .pyc, so it is
> very easy to get it, and there fore steal the company´s code
>
> ps: I also thought about introducing an expire date, but I don´t like this
> method to much
>
> thank you
>
What you are describing it not really security. It is "security through
obscurity". You are just sort of hoping that it will be complicated for the
average person to figure out the small roadblocks you have put in place to
try and protect your code. Also, a pyc file is no more secure than a plain
text py file, because they are easily disassembled back into py files with
a command line tool.
Basically, you can't expect too much security when distributing python
code. Mostly you have to rely on the support aspects of your license, and
that if they were to change the code, they would become out of sync with
what you support. If you really want to try and protect access to the
source code, then you could try and compile it with cython and distribute
only the compiled modules. This at least converts it to cpython and
distributes an actual binary. It may still be possible to find string
literals, so you will have to check the results of the binary yourself.
Another idea that you can use in combination with cython-compiled code is
to have your tool "phone home". This means that in order to function, it
has to be able to connect to your server and check out a license. And
lastly, the most secure way to protect people from stealing your python
code is to just not ship it all to them, and have it run certain parts of
the functionality as remote calls to your server.
> --
> You received this message because you are subscribed to the Google Groups
> "Python Programming for Autodesk Maya" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/python_inside_maya/464b06bc-1c53-4c79-8684-a9179c5a26f0%40googlegroups.com
> <https://groups.google.com/d/msgid/python_inside_maya/464b06bc-1c53-4c79-8684-a9179c5a26f0%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Python Programming for Autodesk Maya" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/python_inside_maya/CAPGFgA3qFT1EfJvsYh0GyvQS0jh%2BsJBaq4oZo97KRHeYHMhrAg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
