1

I have a Python Program whose code I would like to protect. For sake of example, let's say I coded a novel function called "add" which does the following:

def add(n1, n2):
    return n1 + n2

I'd like to release this functionality to users so that people can add numbers together quickly, but I don't want them to be able to see my "secret sauce" (the code) of how I add numbers together.

After looking at this question (and specifically this answer) on Stack Overflow, I've determined that the best way for me to do this is to host a website that allows a person to type in two numbers, and then displays the result.

How can I do this without revealing my Python code?

Pro Q
  • 1,349
  • 2
  • 7
  • 10

1 Answers1

2

If you want to protect the program, then running it as a service, rather than distributing the code is a normal way to go about that.

Make sure you know how to properly secure the service though and that you properly secure the data in transit, and consider availability issues (performance due to load/distance from the user; what happens if it does).

There is a lot more to protecting a service than throwing it on a server somewhere and making it available very a a RESTfull/SOAP interface. If I had more background I could give you a better suggestion on what you would need.

Daisetsu
  • 5,110
  • 1
  • 14
  • 24
  • Let's say it's literally just that function (`add`). Could I, say, use Flask with Jinja and have it be secure? What sorts of things should I explicitly *not* do so that I make sure the Python cannot be seen, no matter how hard someone tries? – Pro Q Oct 06 '18 at 21:24
  • 1
    If someone is determined and skilled enough there's the potential they will find a way to reverse engineer the logic/code even if they don't directly steal the source. I'm not familiar with flask in Jinja specifically, so I can't tell you the best way to harden the implementation. You will also want to harden the server it runs on, because if the server itself is compromised an attacker could compromise the source code. There's tons of potential vulnerabilities in your code, the libraries in python, the templating system, and the OS. – Daisetsu Oct 06 '18 at 21:59
  • If you just want a simple way to protect the logic, you could start by compiling the script into a binary and applying anti reverse engineering to the binary. Alternatively you could run your code through a program to scramble the code (it's still runable, but just a pain for a developer to understand it) – Daisetsu Oct 06 '18 at 22:02
  • Here's a discussion about a similar situation over at stack overflow https://stackoverflow.com/questions/261638/how-do-i-protect-python-code#261727 – Daisetsu Oct 06 '18 at 22:03
  • So while this is a solution to protecting my Python code, there's no real ready-made solution as to *how* this protects my code? It seems as though this is merely one more protective layer, not really a complete solution. In short, it seems I would need to hire security specialists to make sure everything was secure, and even then something could still go wrong. That's at least good to know though. (And yes, that question/answer is exactly what prompted my question.) – Pro Q Oct 07 '18 at 06:43
  • 1
    Correct. Perfect security isn't possible in almost all scenarios, all it takes is one small weakspot in the chain and you're compromised. The best anyone can do is make the effort required to get there more than it's worth. It's like physical security. No house is going to be burglar proof, although if you have dogs, razor wire, a security system, and strong doors, it's unlikely anyone would try. It's about making it not worth the effort for an attacker. – Daisetsu Oct 07 '18 at 14:53