15

Python is a scripting language. It is hard to protect python code from being copied. No 100% protection is required but at least slow down those who have bad intentions. Is it possible to minify/uglify python code the way javascript front-end code is being done today?

EDIT: The python code will be used in Raspberry Pi, not server. On raspberry pi, anyone can take out the SDcard and gain access to the python code.

Improve this question
7
  • 7
    JS isn't minified to obfuscate it. It's minified to improve rendering times because of payload size. Commented Sep 8, 2018 at 1:59
  • 3
    Note: You can always distribute the compiled byte code files, not the original source files. It's just obfuscation (like minification, a lot of it can be reversed), and has similar advantages (it's sometimes smaller, and always faster, given that it saves the time spent reparsing/compiling the code). Commented Sep 8, 2018 at 2:06
  • 1
    Neither minifying nor uglifying will be a copy protection.They can only increase the resources need to modify code. Commented Sep 8, 2018 at 2:07
  • 1
    @user781486 I downvoted because the question doesn't really make sense. 1) Minification and obfuscation are different. 2) Server-side code doesn't need to be minified. 3) Obfuscating code doesn't impede bad actors. Commented Sep 8, 2018 at 15:25
  • 1
    @erip this question makes perfect sense to me. I have the same problem as the OP: trying to copy protect, or get as close as possible. In my industry, unscrupulous copying and undercutting is commonplace. I'm interested in concealing the concepts revealed in the binary where class and variable names can still be read. 1) in this context a tool to do either would serve. 2) if I'm not mistaken, smaller CircuitPython running on a microcontroller consumes less of the limited memory available. 3) it might help enough to deter a would be copier. The question is valid in some contexts. Commented May 16, 2021 at 10:48

5 Answers 5

Reset to default
14
  1. What about starting off with only distributing the pyc files? These are files created by Python interpreter for performance reasons--their load times are faster than .pys--but to the casual user they are difficult to decipher.
python -m compileall .
  1. Ramp up the security by using Cython to compile your python src. To "cythonize" your code, run Cython + GCC on each module. The init.py files must be left intact to keep module imports working. A silly Hello world example:
$ cython helloworld.py -o helloworld.c
$ gcc -shared -pthread -fPIC -fwrapv -O2 -Wall -fno-strict-aliasing -I/usr/include/python3.7 -o helloworld.so helloworld.c

YMMV using this approach; I've run into various gotchas using different modules.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

you can restore the Python source code from the pyc files (bytecode) e.g., pylingual.io
11

I will answer my own question.

I found the following software tools that can do the job. I have not tried them, so I cannot comment on how effective they are. Comments are welcomed on their effectiveness.

https://liftoff.github.io/pyminifier/

https://mnfy.readthedocs.io/en/latest/

Improve this answer

4 Comments

Why the negative vote? What's wrong with the answer? It will be good if someone who downvotes explain why for future improvement.
I'm not the downvoter, but the standards here usually require more content to an answer than simply links to off-site content. Since you haven't actually used these tools and can't say much about them, this isn't really supplying much content. Inviting others to comment on their effectiveness doesn't really help, since answers are supposed to stand by themselves as answers to the question; discussion in the comments is only supposed to be for discussing improvements to the answer (the comments themselves are often deleted later).
Thanks. Your feedback is valued. The answer does seem lacking but still useful to myself. I put it in for my future reference to my own question.
There is also python-minifier.
5

Sure, you could uglify it, but given the fact that python relies on indentation for syntax, you couldn't do the equivalent minification (which in JS relies largely upon removing all whitespace).

Beside the point, but JS is minified to make it download faster, not obfuscate it.

Improve this answer

Comments

3

Nuitka.net is a perfect way to convert your python code to compiled object code. This makes reverse engineering and exposing your algorithms extremely hard. Nuitka can also produce an standalone executable that is very portable.

While this may be a way to preserve trade secrets, it comes with some hard limitations.

a) Some Python libraries are already binary distros which are difficult to bundle in a standalone exe (e.g. xgboost, pytorch).

b) wide pip distribution of a binary package is an exercise in deep frustration because it is linked to the CPython library. manylinux and universal builds are a vast wasteland waiting to be mapped and documented.

As for the downvotes, please consider that 1) not all python runs on servers - some run on the edge, 2) non-open source authors need to protect their intellectual property, 3) smaller always makes for faster installs.

Improve this answer

Comments

0

python is executed server-side. while sometimes it's fun to intentionally obfuscate code (look into perl obfuscation ;), it should never be necessary for server-side code.

if you're trying to hide your python from someone but they already have access to the directories and files it is stored in, you have bigger problems than code obfuscation.

Improve this answer

1 Comment

Web sites/apps are not the only context in which code (Python or otherwise) is written. Lots of code runs on a user's computer because they have installed your application/library/script/whatever.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.