0

I have created a python package that includes a setup.py file. I need this package to be distributed among some clients, who will import and build their products on top of my package and I want to make the package proprietary as it contains some sensitive information.

I have added a license header but there are some URLs that I want to hide from my clients. How to achieve this? Thank you

juanpa.arrivillaga
  • 88,713
  • 10
  • 131
  • 172
Yohan E
  • 309
  • 2
  • 7
  • 1
    Note that during runtime you can easily monitor any outgoing connections your program establishes using external tools. – moooeeeep Nov 19 '19 at 11:57

1 Answers1

2

You don't.

Security through obscurity is broken from the outset. If you ship it to the client, they own it at some level or another.

Especially in the case of python, it makes no sense to hide things, because the interpreter still has to be able to process them - if you encrypt something, you have to ship the decryption tools with it, which means a malicious user already has everything they need to figure out your secrets.

If you don't want a user to have access to it, you can't sent it to the user. Period.

g.d.d.c
  • 46,865
  • 9
  • 101
  • 111
  • Hi, thanks for your answer. Is there a way to compile and give users compiled code. I know it's reversely engineerable but having even that kind of a protection will be enough for my use case. – Yohan E Nov 19 '19 at 11:54