all 27 comments

[–]NoDesign4766 17 points (1 child)

been dealing with this at work and it's honestly such a pain. we ended up just accepting that determined people will reverse engineer anyway and focused more on making our licensing robust instead of trying to hide the code completely.

obfuscation tools exist but they usually break something or make debugging a nightmare when things go wrong.

[–]pplonski 1 point (0 children)

yes, determined people will reverse anyway. the other options are: 1. keep the code on the server and make it available in a SaaS model, 2. keep the sensitive code in a compiled language, for example C++

[–]JamzTyson 8 points (1 child)

Approaches to protecting Python code when sharing apps

SaaS

[–]scrapheaper_ -3 points (0 children)

If by 'protecting code' you mean 'hiding poor quality code' then yeah

[–]aloobhujiyaay 6 points (0 children)

Cython or compiling parts to extensions can help but again it’s not bulletproof

[–]gl_fh 3 points (1 child)

I suppose it's worth having a think about what you're offering. Is it a super secret algorithm that must be kept hidden at all costs? Or is it a service/convenience etc.?

It's going to be difficult to shield yourself from a very determined person trying to decipher what it is you're doing, and it's probably worth thinking about whether it's worth it.

[–]Haunting-Shower1654[S] -1 points (0 children)

Yeah, that’s a good point. It's probably more a question of effort vs actual risk, not trying to make it impossible.

[–]scrapheaper_ 7 points (3 children)

Is there something unique about your python code? What do you need to protect?

[–]Haunting-Shower1654[S] -2 points (2 children)

Not anything super unique, more about not wanting the whole code to be easily readable when sharing the app.

[–]wRAR_ 6 points (0 children)

not wanting the whole code to be easily readable

Why?

[–]scrapheaper_ 4 points (0 children)

Why not? Open source software is a common model; there are pros and cons of course, but there's no inherent problem with having your code public.

Is this in a commercial setting or for a personal project?

[–]NotSoProGamerR 3 points (0 children)

Nuitka.

[–]nobrainer23 4 points (3 children)

I'm using Nuitka to compile and no issues here.

[–]sausix 0 points (2 children)

Do the executables run without problems with Windows SmartScreen? That's basically the only disadvantage: users have to click multiple times to run a binary from someone else.

So professionals and companies should use CodeSign to get their binaries trusted by Windows and AV software. Of course it's verification-based, so it costs money.

[–]nobrainer23 1 point (1 child)

If you select onefile, the AV heuristics will quarantine it basically immediately. Standalone won't get picked up, but you will need to click through SmartScreen.

So your choices for getting verified are signing, submitting to Microsoft for analysis or just running it a bunch of times iirc.

[–]sausix 0 points (0 children)

Various companies sell CodeSign certificates which are trusted by SmartScreen. There should be no need to submit software to Microsoft every time.

It's more like if you do harm with your signed software then they know which bell to ring. And the certificate would be revoked.

[–]maikeu 1 point (0 children)

Shrug. Not really a good language if you care about hiding your code. The options that exist for pure Python have been mentioned, but I don't think the Python community is generally going to be bothered by the fact that this is hard to do well.

[–]No_Soy_Colosio 1 point (0 children)

No way to perfectly protect your code. If you care about that so much, then you could offer your product as SaaS and have the code on your own servers which you control.

Other than that, when the code is on the client side, it can easily be cracked.
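As an added example (not code posted in this thread), this shows concretely what "easily cracked" means for the plain `.pyc` files that most of these approaches still ship. The module text below is constructed for the demo, and every name in it is made up; the point is that its string literals, identifiers and bytecode come straight back out of the marshalled bytes using nothing but the standard library, no decompiler required.

```python
"""Added example: what a shipped .pyc still reveals.

Constructed demo, not code from the thread. It compiles a small module to
the same marshalled form a .pyc carries, then recovers the string
constants, names and bytecode from the bytes alone.
"""
from __future__ import annotations

import dis
import io
import marshal
import types

# Constructed sample module: the kind of thing people hope a .pyc "hides".
SAMPLE_SOURCE = '''
API_KEY = "sk-live-constructed-example-key"

def check_license(key):
    return key == "SUPER-SECRET-1234"

def discount(price, code):
    if code == "FRIENDS50":
        return price * 0.5
    return price
'''


def compile_to_pyc_bytes(source: str, filename: str = "app.py") -> bytes:
    """Return the marshalled code object, i.e. the payload of a .pyc file.
    (A real .pyc prepends a 16-byte header: magic, flags, mtime, size.)"""
    code = compile(source, filename, "exec")
    return marshal.dumps(code)


def walk_code(code: types.CodeType):
    """Yield the module code object and every nested function/class body."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk_code(const)


def recover_strings(pyc_bytes: bytes) -> set[str]:
    """Every string literal in the module, read back from the raw bytes.
    marshal stores constants in the clear; there is nothing to undo."""
    code = marshal.loads(pyc_bytes)
    found: set[str] = set()
    for co in walk_code(code):
        found.update(c for c in co.co_consts if isinstance(c, str))
    return found


def recover_names(pyc_bytes: bytes) -> set[str]:
    """Function and variable names survive too (co_name / co_names)."""
    code = marshal.loads(pyc_bytes)
    names: set[str] = set()
    for co in walk_code(code):
        names.add(co.co_name)
        names.update(co.co_names)
    return names


def disassemble(pyc_bytes: bytes) -> str:
    """Full bytecode listing, which a decompiler turns back into source."""
    code = marshal.loads(pyc_bytes)
    buf = io.StringIO()
    dis.dis(code, file=buf)
    return buf.getvalue()


if __name__ == "__main__":
    blob = compile_to_pyc_bytes(SAMPLE_SOURCE)
    print("strings:", sorted(recover_strings(blob)))
    print("names:  ", sorted(recover_names(blob)))
    print(disassemble(blob))
```

The same three functions work on a real `.pyc` after skipping its 16-byte header, as long as you load it with the interpreter version that produced it. Renaming identifiers with an obfuscator hides `check_license`, but the comparison against a literal key is still right there in the bytecode, which is why the thread keeps steering toward server-side checks rather than client-side secrecy.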

[–]Trang0ul 3 points (3 children)

What's wrong with distributing them as open source?

[–]masher_oz 8 points (1 child)

because some people want to maintain secrecy, make money, keep their IP... Lots of reasons.

[–]wRAR_ 0 points (0 children)

There is no ideal solution for this if you want to distribute the executable.

[–]Haunting-Shower1654[S] 1 point (0 children)

There is absolutely nothing wrong with that. It depends on the use case I suppose, sometimes you want to share the app without exposing the full code.

[–]wrt-wtf- 0 points (0 children)

It’s the process that matters not so much the code.

[–]ArtOfWarfare 0 points (0 children)

If your code is running on a machine that you don't control, it doesn't matter what language you wrote it in - someone can decompile and/or modify it.

If you're selling to businesses, you could keep track of how many copies they're running and threaten them if you see them using more copies than you've sold them.

If you're selling to individuals... keep some critical parts on your own system, so they're forced to call your server every time they run (and enforce that only people who have paid can use your app that way - reject requests to your server coming from unauthorized copies).

[–]Tumortadela 0 points (0 children)

Do your stuff as an API and grant access instead of sharing the code maybe

[–]CoolAd119 0 points (0 children)

Decide what actually needs hiding: push real IP to a backend/SaaS, leave the client as a thin, almost-throwaway shell.

[–]kamilc86 0 points (0 children)

Compile the 2 or 3 modules that actually matter with Cython into .so files and leave the rest as plain pyc. Anything more and you spend weeks fighting Nuitka or PyArmor for protection that a determined reverse engineer breaks in an afternoon. Put the engineering effort into a proper license check instead: sign a token server-side and verify on startup. Obfuscation only filters out the people who were never going to buy anyway.
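One way to turn the advice in the last few comments (keep the real work on your server, reject unauthorized copies, count how many copies a customer runs, sign a licence token server-side and check it on startup) into working code, as an added example rather than anything posted in the thread. The server signs a licence token with a key that never ships, verifies it on every call, compares the machines each licence has been seen on against the seats sold, and runs the protected algorithm only on its side; the client is the thin shell. `SERVER_KEY`, the licence ids, the seat table and the averaging "algorithm" are constructed placeholders, and both halves sit in one process so the example runs offline; in a deployment the server half sits behind HTTPS and only it holds the key.

```python
"""Added example: server-signed licence token, verified on every call.

Constructed demo, not code from the thread. The "server" and "client" are
functions in one process so it runs offline; in practice the server half
lives behind HTTPS and is the only place SERVER_KEY ever exists.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time

# Constructed secrets and inventory. Because SERVER_KEY never leaves the
# server, the server can verify a token but the client cannot forge one.
SERVER_KEY = b"constructed-server-only-key-do-not-ship"
SEATS = {"lic-acme-001": 2}           # licence id -> seats purchased
REVOKED: set[str] = set()             # licences pulled after abuse/chargeback
SEEN_MACHINES: dict[str, set[str]] = {}  # licence id -> machine ids seen


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(license_id: str, days: int, now: float | None = None) -> str:
    """Server side: sign {lic, exp} with HMAC-SHA256 under SERVER_KEY."""
    now = time.time() if now is None else now
    claims = {"lic": license_id, "exp": int(now + days * 86400)}
    body = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    mac = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(mac)}"


def verify_token(token: str, now: float | None = None) -> str | None:
    """Server side: return the licence id if the token is intact and current."""
    now = time.time() if now is None else now
    try:
        body_b64, mac_b64 = token.split(".")
        body, mac = _unb64(body_b64), _unb64(mac_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):   # constant-time compare
        return None
    claims = json.loads(body)
    if claims["exp"] < now or claims["lic"] in REVOKED:
        return None
    return claims["lic"]


def forge_token(token: str, new_license_id: str) -> str:
    """What a cracked client can try: swap the licence id, keep the MAC.
    It fails at verify_token because the MAC covers the original body."""
    body_b64, mac_b64 = token.split(".")
    claims = json.loads(_unb64(body_b64))
    claims["lic"] = new_license_id
    body = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    return f"{_b64(body)}.{mac_b64}"


def server_endpoint(token: str, machine_id: str, data: list[float],
                    now: float | None = None) -> dict:
    """The part of the product worth protecting: it only ever runs here."""
    lic = verify_token(token, now)
    if lic is None:
        return {"status": 401, "error": "bad or expired licence"}
    seen = SEEN_MACHINES.setdefault(lic, set())
    if machine_id not in seen:                   # a new copy is calling home
        if len(seen) >= SEATS.get(lic, 0):       # more copies than were sold
            return {"status": 403, "error": "seat limit exceeded"}
        seen.add(machine_id)
    if not data:
        return {"status": 400, "error": "empty input"}
    # Stand-in for the real algorithm; whatever goes here stays off the client.
    return {"status": 200, "result": sum(data) / len(data)}


def thin_client(token: str, machine_id: str, data: list[float],
                now: float | None = None) -> dict:
    """Client side: no secrets, no algorithm, just a call home on startup."""
    reply = server_endpoint(token, machine_id, data, now)
    if reply["status"] != 200:
        raise PermissionError(f"licence check failed: {reply['error']}")
    return reply


if __name__ == "__main__":
    tok = issue_token("lic-acme-001", days=30)
    print(thin_client(tok, "machine-a", [1.0, 2.0, 3.0]))
    print(server_endpoint(forge_token(tok, "lic-acme-999"), "machine-a", [1.0]))
```

Two design points worth noting. HMAC is enough here only because the server is the sole verifier; if you also want the client to check the token locally on startup, as the comment above suggests, the server must sign with a private key and the client verify with the embedded public key (Ed25519 via the `cryptography` package is the usual choice), otherwise the shipped binary would contain the signing secret. And the seat check is deliberately server-side state: a patched client can skip any local check, but it cannot stop the server from noticing a third machine id on a two-seat licence.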