0

I have an app written in Python with some AI training models thrown in. It allows for the identification of people in images, nothing new.

However the code itself is deployed to client machines rather than online on a server that I control. As Python is an interpreted language the code is exposed for the world to see and edit. This is something I want to avoid as in time the client can just edit or modify the code to his liking (irrespective of any legal documentation we have in place).

I have used pyarmor to obfuscate the code, added elements of contacting the server to check the license is valid etc. However from what I read where there is a will there is a way to make it machine readable.

I cannot rewrite the code in C++ as I am weak on C++ and the code is now significantly large. Is there any known way to secure your python code? Compile it?

From all my readings obfuscation is the only answer or rewrite in C++.

Was hoping that some of the geniuses here would shed some light/experience.

Much appreciated

Botje
  • 26,269
  • 3
  • 31
  • 41
user19019404
  • 55
  • 5
  • Python (nor any language) is not an interpreted language. The most common implementation, CPython, is both a compiler (of Python source code to a custom byte code) and a virtual machine (which executes the byte code). You should be able to deploy just pre-compiled `.pyc` files to be executed, which at least counts as *some* form of obfuscation. – chepner Aug 01 '23 at 18:38
  • Short version: If the client can run the code, then they can modify the code, and read a version of it. C++ and the like will be more obfuscated (decompilers can rarely undo all the template magic of C++), but you can still reverse engineer the important bits with the aid of a debugger and modify them. *Everything* you do is obfuscation. If you need to protect against a sufficiently driven client, the *only* solution is to not give them the program, and instead have them run it on systems you control via an interface (e.g. REST APIs) that denies them access to the program they're running. – ShadowRanger Aug 01 '23 at 18:50

1 Answers1

0

Even rewriting it in C++, does not guarantee code protection from people who are driven. You'd need to use packing/code virtualising/obfuscating methods to make it as hard as possible, but it still wouldn't 100% secure it. The only way to truly protect your code, would be to make it "cloud" based, or basically deploy it on a server (like as a REST API) and run clients with authentication.

Menma
  • 346
  • 1
  • 4