Thank you Ahmed for such a detailed information, yes we have a licensing server for managing the encryption keys and licence keys.
I tried to find some resources regarding singing the code but couldn't find any available resources. Do you have any references that could be used. On Tue, 14 Nov, 2023, 20:49 Ahmed Iftikhar, <[email protected]> wrote: > Obfuscation can make the code less readable, but it won't provide strong > security. There are Python tools like *pyobfuscate *that can be used for > this purpose. However, keep in mind that this is not encryption, and > determined attackers can still reverse engineer obfuscated code. > While you can encrypt your code, it needs to be decrypted at runtime, > which means the decryption key needs to be available on the client's > server. This introduces a potential vulnerability. An attacker with access > to the server might still be able to retrieve the decryption key. > You can compile Python source code into bytecode (*.pyc *files). This > makes it more difficult to read the code but doesn't provide strong > security. Python bytecode can still be decompiled, and tools like > uncompyle6 can be used to reverse the process. > Instead of sending the decryption key directly to the client, consider > having the client make requests to a licensing server. The server could > respond with a token or key that is used for decryption on the client's > server. This way, the decryption key is not directly exposed. > Implement integrity checks within your Django application. Periodically > verify that the code on the client's server matches the expected checksum. > If modifications are detected, the application could refuse to run. > Sign your code and verify the signature at runtime. This helps ensure that > the code has not been modified. However, the keys used for signing need to > be securely stored. > Consider packaging your Django application within a container (*e.g., > Docker*). This can provide some isolation and control over the runtime > environment. > > On Monday, November 13, 2023 at 6:54:46 PM UTC+5 Om Khade wrote: > >> I want to sell my Django product on a subscription basis to the client >> and set up the server on their server while ensuring that the code is not >> tampered with. For this I need a way to save the Django project in an >> encrypted format and Decrypt the files in RAM using a password that the >> client can get by sending a request to my licensing server. >> >> Is there a way to do this? our a better mechanism to deploy my Python >> project on client-server without them tampering the code. >> > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/af6291d7-620f-4132-93a1-f4e99f7d2a6en%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/af6291d7-620f-4132-93a1-f4e99f7d2a6en%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAMaQUUpO5mDPnBNXjNk70mRNJP%2Bn751DuomR-eOaLBAZYEwmdw%40mail.gmail.com.
