Is there a way to decrypt the code in memory or run the Django project from the encrypted code without exposing the decrypted code to the client?
On Wednesday, 15 November, 2023 at 3:38:39 am UTC+5:30 Om Khade wrote:
> Thank you Ahmed for such detailed information. Yes, we have a licensing
> server for managing the encryption keys and licence keys.
>
> I tried to find some resources regarding signing the code but couldn't
> find any available resources. Do you have any references that could be used?
>
> On Tue, 14 Nov, 2023, 20:49 Ahmed Iftikhar, <[email protected]> wrote:
>
>> Obfuscation can make the code less readable, but it won't provide strong
>> security. There are Python tools like *pyobfuscate* that can be used for
>> this purpose. However, keep in mind that this is not encryption, and
>> determined attackers can still reverse engineer obfuscated code.
>>
>> While you can encrypt your code, it needs to be decrypted at runtime,
>> which means the decryption key needs to be available on the client's
>> server. This introduces a potential vulnerability. An attacker with access
>> to the server might still be able to retrieve the decryption key.
>>
>> You can compile Python source code into bytecode (*.pyc* files). This
>> makes it more difficult to read the code but doesn't provide strong
>> security. Python bytecode can still be decompiled, and tools like
>> uncompyle6 can be used to reverse the process.
>>
>> Instead of sending the decryption key directly to the client, consider
>> having the client make requests to a licensing server. The server could
>> respond with a token or key that is used for decryption on the client's
>> server. This way, the decryption key is not directly exposed.
>>
>> Implement integrity checks within your Django application. Periodically
>> verify that the code on the client's server matches the expected checksum.
>> If modifications are detected, the application could refuse to run.
>>
>> Sign your code and verify the signature at runtime. This helps ensure
>> that the code has not been modified. However, the keys used for signing
>> need to be securely stored.
>>
>> Consider packaging your Django application within a container (*e.g.,
>> Docker*). This can provide some isolation and control over the runtime
>> environment.
>>
>> On Monday, November 13, 2023 at 6:54:46 PM UTC+5 Om Khade wrote:
>>
>>> I want to sell my Django product on a subscription basis to the client
>>> and set up the server on their server while ensuring that the code is not
>>> tampered with. For this I need a way to save the Django project in an
>>> encrypted format and decrypt the files in RAM using a password that the
>>> client can get by sending a request to my licensing server.
>>>
>>> Is there a way to do this, or a better mechanism to deploy my Python
>>> project on the client's server without them tampering with the code?
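
The integrity check suggested in the quoted reply (compare the deployed code against expected checksums and refuse to run on a mismatch), as an added example that is not part of the original thread. It uses only the Python standard library, so the manifest is authenticated with HMAC-SHA256 as a stand-in for a public-key signature; the key, function names and sample project are constructed assumptions.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map each .py file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*.py"))
    }

def seal(manifest: dict, key: bytes) -> str:
    """Authenticate the manifest over a canonical JSON encoding."""
    data = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_tree(root: Path, manifest: dict, tag: str, key: bytes) -> list:
    """Return a list of problems; an empty list means the tree matches."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        return ["manifest: authentication tag mismatch"]
    current = build_manifest(root)
    problems = []
    for path in sorted(set(manifest) | set(current)):
        if path not in current:
            problems.append(f"{path}: missing")
        elif path not in manifest:
            problems.append(f"{path}: unexpected file")
        elif current[path] != manifest[path]:
            problems.append(f"{path}: modified")
    return problems

def demo() -> dict:
    """Run three scenarios against a constructed sample project in a temp dir."""
    key = b"constructed-demo-key"  # assumption: really issued by the licensing server
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app").mkdir()
        (root / "app" / "views.py").write_text("def index(): return 'ok'\n")
        (root / "manage.py").write_text("print('manage')\n")
        manifest = build_manifest(root)
        tag = seal(manifest, key)
        results = {"clean": verify_tree(root, manifest, tag, key)}
        (root / "app" / "views.py").write_text("def index(): return 'patched'\n")
        (root / "app" / "extra.py").write_text("x = 1\n")
        (root / "manage.py").unlink()
        results["tampered"] = verify_tree(root, manifest, tag, key)
        results["forged"] = verify_tree(root, {**manifest, "manage.py": "0" * 64}, tag, key)
    return results

if __name__ == "__main__":
    print(demo())
```

With HMAC the verifying key can also produce valid tags, so the signing form of this check keeps a private key with the vendor and ships only the public key for verification.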

