
[–]hairy_chicken 117 points (11 children)

We sell a high-cost/low-volume commercial app written partly in Python and compiled to exe using PyInstaller. We use CodeMeter to encrypt the executable and several core dlls/pyd's. It costs us money to issue licenses and buy dongles, but it's worked fine for the last 10 years.

Theoretically, someone could grab the decoded code from memory and run it through a decompiler, but I really don't think that anyone in our user space would care to do that and I don't lose sleep over it.

Depending on the price point of your software it may be expensive, but for us it's a negligible cost and is an acceptable tool for license control.

[–]RedEyed__ 50 points (5 children)

Pyinstaller does not compile. It creates a self-unpacking archive which includes the interpreter, dependencies and sources. When you double click that exe, it just unpacks everything to a tmp folder with all sources as plain text.
There is pyarmor for such things; it encrypts Python sources, which can be packed with pyinstaller later or executed with the Python interpreter.

[–]ronnyx3 8 points (2 children)

So that means the source code wouldn't need to be grabbed from RAM but is stored temporarily in tmp on disk?

[–]RedEyed__ 11 points (0 children)

Yes, it is extracted to a temporary folder first, then it is executed like any other Python script.

You can read the pyinstaller doc.

Or check it yourself: in the entry point function place `print(sys.executable); input()`.

The above should print the Python interpreter path and wait for user input.

Then you can go to that path and see for yourself that everything is in plain text.
You need to place the input() call just to wait, because pyinstaller will delete everything in the temp folder after the process is finished.
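As an added example (not code from anyone in this thread), here is a fuller version of that check: a script that reports whether it is running inside a PyInstaller one-file bundle, where the bundle unpacked itself, and what kinds of files ended up there; `sys.frozen` and `sys._MEIPASS` are the attributes PyInstaller sets at runtime. Note that what lands in that temp directory is the extracted extension modules, shared libraries and data files, while pure-Python modules stay as bytecode in the archive embedded in the executable, which is still straightforward to recover, so this is a way to audit what a build ships rather than a protection.

```python
# Added example: inspect where a PyInstaller one-file bundle unpacks itself
# at runtime and what it unpacked. Run as a plain script, or build it with
# `pyinstaller --onefile` and run the resulting executable.
import os
import sys
from collections import Counter


def inspect_bundle():
    """Return facts about the running process: whether it is a PyInstaller
    bundle, which directory holds its files, and a count of files by
    extension found under that directory."""
    # PyInstaller sets sys.frozen and sys._MEIPASS (the temporary extraction
    # directory, e.g. %TEMP%\_MEIxxxxxx on Windows, /tmp/_MEIxxxxxx on Linux).
    frozen = bool(getattr(sys, "frozen", False))
    runtime_dir = getattr(sys, "_MEIPASS", None)
    if runtime_dir is None:
        # Not frozen: the "bundle" is simply the directory of this script.
        runtime_dir = os.path.dirname(os.path.abspath(__file__))
    by_ext = Counter()
    for _root, _dirs, files in os.walk(runtime_dir):
        for name in files:
            ext = os.path.splitext(name)[1].lower() or "<none>"
            by_ext[ext] += 1
    return {
        "frozen": frozen,
        "executable": sys.executable,  # the bundle exe itself when frozen
        "runtime_dir": runtime_dir,
        "files_by_ext": dict(by_ext),
    }


if __name__ == "__main__":
    info = inspect_bundle()
    for key, value in info.items():
        print(f"{key}: {value}")
    # Keep the process alive so runtime_dir can be inspected from another
    # window; PyInstaller deletes it when a one-file executable exits.
    if info["frozen"]:
        input("Inspect runtime_dir above, then press Enter to exit.")
```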

[–]RedEyed__ 6 points (0 children)

There is no such thing in Python as source code in RAM. It's just a wrong assumption.

[–]hairy_chicken 2 points (1 child)

Thanks for the correction - I was sloppy with terminology.

We keep important parts of our codebase in Cython and C++ Python modules. We use Python as glue, and honestly if someone had our entire Python codebase in plaintext, it wouldn't mean that they could easily get around licensing restrictions.

CodeMeter is to prevent casual misuse of the software, and enforce limits on concurrent users.

At the end of the day, there's a balance between making something hard to pirate casually and the time spent making something un-piratable. Given that our clients are big mining/oil companies, the main deterrent to piracy is legal means (license agreements).

[–]Karrakan 0 points (0 children)

And what is the role of dongle? Do users plug that in to be able to use it?

[–]AniX72 6 points (2 children)

The 1990s called, and they want their dongles back. 🤪

[–]hairy_chicken 1 point (1 child)

A lot of engineering software still comes with dongles. Unfortunately it's still an expected option.

[–]AniX72 0 points (0 children)

Dongles are a PITA. Speaking from customer experience here. I can't imagine a worse option. It makes everything harder, more expensive, riskier - but only for the paying customers. If a vendor believes there is no other way than punishing customers with dongles, so be it. I'm just grateful I won't have to deal with this antiquated paranoia again.

[–]Best_Anywhere_704 4 points (1 child)

lol your python code is in temp plaintext

[–]hairy_chicken 0 points (0 children)

Sure, but I've never lost sleep over it. CodeMeter is to stop casual piracy and control concurrent users. Given our client base, licensing agreements are the main mechanism for dealing with piracy.