
I have a Python script that does some complicated statistical calculations on data and want to sell it. I thought about compiling it, but I have read that Python compiled with py2exe can be easily decompiled. So I tried another approach, namely running the script from the Internet.

Now my code, in file local.py looks like:

local.py

```python
# imports
# define variables and arrays

# very complicated code I want to protect
```

I want to obtain something like:

File local.py:

```python
# imports
# define variables and arrays

# call to online.py
print(result)
```

File online.py:

```python
# code protected
# exit(result)
```

Is there a better way to do this? I want the client to run the code without being able to see it.

Catalina Chircu
  • Use an API and sell the API Key – OneCricketeer Sep 07 '20 at 19:15
  • @OneCricketeer Not exactly in line with the question but just curious - what if the deployment is on-premise in the client's environment? How can the code be protected in that case? – asanoop24 Sep 07 '20 at 19:18
  • A REST API with an auth key is a valid option here. Nothing on client's environment should be assumed safe, not even compiled/obfuscated code. – Quanta Sep 07 '20 at 19:20
  • I feel like that's more a question for https://security.stackexchange.com/... If anyone has the time and resources, they can decompile any code they can access. Putting it on a remote server will be safer, but even then, code is only as safe as remote entry into that system – OneCricketeer Sep 07 '20 at 19:21
  • Is it for Windows only? The best is, as Quanta says, a REST API that works on all systems and lets you keep your code secret. Also, I just came across [pyInstaller](https://pyinstaller.readthedocs.io/en/stable/). You can take a look at it. – aerijman Sep 07 '20 at 19:26
  • I'll take a look at some REST APIs. Also, I gave pyinstaller a look and it doesn't meet my needs because the exe just creates a temp folder, extracts the .py files there and runs the files https://pyinstaller.readthedocs.io/en/stable/operating-mode.html#how-the-one-file-program-works – Gustavo Fringe Sep 07 '20 at 21:33

1 Answer

A web API would work great for this, which is a super simple thing to do. There are numerous Python frameworks for creating simple HTTP APIs, and even writing one from scratch with just low-level sockets wouldn't be too hard. If you only want to protect the code itself, you don't even need security features.

If you only want people who've paid for the usage to have access to your API, then you'll need some sort of authentication, like an API key. That's a pretty easy thing to do too, and may come nearly for free from some of the aforementioned frameworks.

So your client's code might look something like this:

File local.py:

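```python
import requests

# get_data_to_operate_on() is a placeholder for however the client gathers its input
inputdata = get_data_to_operate_on()

# POST the input to the remote API; the API key identifies the paying customer
r = requests.post('https://api.gustavo.com/somemagicfunction?apikey=23423h234h2g432j34', data=inputdata)
if r.status_code == 200:
    result = r.json()
    # operate on the resulting JSON here
    ...
```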

This code does an HTTP POST request, passing whatever data is returned by the get_data_to_operate_on() call in the body of the request. The body of the response is the result of the processing, which in this code is assumed to be JSON data, but could be in some other format as well.

There are all sorts of options you could add, by changing the path of the request (the '/somemagicfunction' part) or by adding additional query parameters.

This might help you to get started on the server side: https://nordicapis.com/8-open-source-frameworks-for-building-apis-in-python. And here's one way to host your Python server code: https://devcenter.heroku.com/articles/getting-started-with-python

CryptoFool
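A server-side counterpart to the client sketch in the answer above, added here as an example (it is not code from the answer or from any framework it links to). It uses only the Python standard library and assumes the key is sent in an `X-API-Key` header rather than the query string, where keys tend to end up in access logs; the header name, the sample key, the `values` JSON field and `protected_calculation` are illustrative assumptions.

```python
import hashlib
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample key; the server stores only the SHA-256 digest of each issued key.
ISSUED_KEY_HASHES = {hashlib.sha256(b"demo-key-for-client-1").hexdigest()}

def protected_calculation(values):
    """Hypothetical stand-in for the proprietary code; it never leaves the server."""
    return {"mean": sum(values) / len(values)}

def key_is_valid(presented):
    digest = hashlib.sha256((presented or "").encode()).hexdigest()
    # Constant-time comparison against every stored digest.
    return any(hmac.compare_digest(digest, h) for h in ISSUED_KEY_HASHES)

def handle(path, api_key, body):
    """Return (status, payload) for one POST; kept free of I/O so it can be tested."""
    if path != "/somemagicfunction":
        return 404, {"error": "not found"}
    if not key_is_valid(api_key):
        return 401, {"error": "invalid API key"}
    try:
        values = json.loads(body)["values"]
        if not values or not all(
            isinstance(v, (int, float)) and not isinstance(v, bool) for v in values
        ):
            raise ValueError("values must be a non-empty list of numbers")
    except (ValueError, KeyError, TypeError):
        return 400, {"error": "expected JSON object with a 'values' list of numbers"}
    return 200, protected_calculation(values)

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        # Cap the body size so a client cannot make the server read unbounded input.
        length = max(0, min(int(self.headers.get("Content-Length", 0)), 1_000_000))
        status, payload = handle(self.path, self.headers.get("X-API-Key"), self.rfile.read(length))
        data = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    # Plain HTTP on localhost for the demo; put TLS in front of it for real clients.
    HTTPServer(("127.0.0.1", 8000), Handler).serve_forever()
```

The client only ever receives the JSON result, so the calculation stays on the server, and revoking a customer is a matter of removing one digest from the set.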