python - Encrypt your entire program and decrypt only in-memory
问题描述
I wrote a python program for the company I am employed at. We want to bring this code (along with other code) onto customers' server. My boss want the code secured so that the customer cannot read the code. I know that other people have asked similar questions
and the answer so far has been "it cannot be done, use legal measures like NDAs". On the one hand this is hard to believe on the other hand my boss still wants it, not just legal measures (and honestly, I want it to). A colleagues suggested this, which could be other code than python as well and also databases and whatnot, so it would be more all purpose than solutions just tailored to python:
Put all the code into a "box", encrypt the box and make it so that the box can only be decrypted into memory, where the code will be interpreted.
This sounds legit to me. It might be possible for the client to read the content while the program is in memory, but this sounds like a lot of work and not worth the effort for the client.
How could this approach be implemented in practice?
解决方案
有时你需要弄清楚你的老板想要什么效果,而不是老板的要求。
Python 做出了早期的设计选择来防止信息隐藏,以便提供更好的开发工具。这打破了大多数纯 Python 方案。
此外,所有这些系统都可以通过不同程度的努力来破解。最常见的保护机制:
- 与母舰对话:需要互联网连接和您保证跟上的系统(防止 DDOS 攻击等),这样程序需要与母舰对话才能运行。有时登录会做一些简单的事情,比如传回当前日期,这样就可以使用盗版软件,但真的很烦人。其他配置具有仅在服务器上运行的重要代码。
- 颠覆 Python:你可以搞砸导入钩子,解密一些字符串并评估它,搞砸自定义编解码器,运行代码混淆器等。问题是这些总是会导致错误,错误很难调试,用户不再给你其他错误发生的很好的堆栈跟踪。
- 配置客户名称:带有客户名称的配置文件使用一些加密校验和。
所以,一般的答案是否定的。使用合同并远离中国。
推荐阅读
- google-sheets - 无法在查询中传递十进制值?
- facebook - Facebook Messenger Platform 在一个请求中向 Webhook 发送多个事件的情况有哪些?
- ios - 物理 iPad Pro 设备返回的语音合成声音是否与其模拟器不同?
- python - 异步循环内的异步循环
- java - Java Wrapper 的比较
- python - 加速 Python cKDTree
- java - 国际化(语言环境)不适用于 java spring boot 中的口音
- r - RX 轴标签重叠
- vba - Excel VBA将(不变)时间戳添加到命名单元格
- r - 使用 readOGR 循环读取 shapefile