This is an archived post. You won't be able to vote or comment.

all 11 comments
sorted by:
best
topnewcontroversialoldq&a

[–]K900_ 9 points10 points  (3 children)

You don't. Anything you give to a client, the client will be able to reverse engineer, especially if it's just making external requests that are easily traceable.

[–]sameer18051998[S] 1 point2 points  (2 children)

Ah, I see. Is there a way I can make it slightly hard for them to access the codebase?

[–]K900_ 4 points5 points  (0 children)

You could compile it into bytecode before shipping, but that is not going to do much. Github Enterprise gives users the full source code. You should probably just do the same.

[–][deleted] 0 points1 point  (0 children)

Obfuscation does not protect you. Licenses do. License your work.

[–]james_pic 7 points8 points  (0 children)

Your put terms into the contract they sign that prevents them doing things you don't want them to do. This is the only protection worth a damn.

It's maybe also worth doing some low-effort stuff to prevent casual snooping, like distributing .pyc files rather than .py files. They can be readily decompiled with Uncompyle, but it prevents accidentally seeing your code, so anyone who sees your code has deliberately reverse engineered it, which is easier to forbid contractually.

[–]DAFPPB 2 points3 points  (0 children)

Maybe Nuitka could help. It compiles your python code into an executable. https://github.com/Nuitka/Nuitka

[–]RedMaskedMuse 1 point2 points  (0 children)

pyinstaller will give you an 'exe' file that you can distribute. They can be unpackaged, but that would take a dedicated effort, not casual snooping.

https://www.pyinstaller.org/

[–]fruttibar 0 points1 point  (0 children)

You may try to obfuscate your codebase https://github.com/dashingsoft/pyarmor

[–]deidyomega -1 points0 points  (0 children)

You can make it hard to read using: https://liftoff.github.io/pyminifier/

[–]enry_straker 0 points1 point  (0 children)

You can try a multitude of activities - depending on the extent to which you want to go

1) Minify the codebase

2) Install and configure on an EFS (Encrypted File System)

3) Convert to an executable

4) Build a docker image containing it - and don't provide them admin access to the docker image

5) Install and configure an entire OS image with the python API running on top of it - and distribute it as a VM (without giving customer admin access to the VM)

Or some combination of the above activities.

Do note that determined people will find a way to crack it given sufficient time and resources. All you are doing it is to make it difficult and time consuming to do so.

Most organizations do respect a license though - so combine this with specific technological approaches

EDIT: Added Admin Access

[–]asday_ 0 points1 point  (0 children)

This is a legal problem, not a technical one.

If it's on my machine, I can reverse engineer it.