Thank you Ahmed for such a detailed information, yes we have a licensing server for managing the encryption keys and licence keys.
I tried to find some resources regarding singing the code but couldn't find any available resources. Do you have any references that could be used. On Tue, 14 Nov, 2023, 20:49 Ahmed Iftikhar, <naqoosh2...@gmail.com> wrote: > Obfuscation can make the code less readable, but it won't provide strong > security. There are Python tools like *pyobfuscate *that can be used for > this purpose. However, keep in mind that this is not encryption, and > determined attackers can still reverse engineer obfuscated code. > While you can encrypt your code, it needs to be decrypted at runtime, > which means the decryption key needs to be available on the client's > server. This introduces a potential vulnerability. An attacker with access > to the server might still be able to retrieve the decryption key. > You can compile Python source code into bytecode (*.pyc *files). This > makes it more difficult to read the code but doesn't provide strong > security. Python bytecode can still be decompiled, and tools like > uncompyle6 can be used to reverse the process. > Instead of sending the decryption key directly to the client, consider > having the client make requests to a licensing server. The server could > respond with a token or key that is used for decryption on the client's > server. This way, the decryption key is not directly exposed. > Implement integrity checks within your Django application. Periodically > verify that the code on the client's server matches the expected checksum. > If modifications are detected, the application could refuse to run. > Sign your code and verify the signature at runtime. This helps ensure that > the code has not been modified. However, the keys used for signing need to > be securely stored. > Consider packaging your Django application within a container (*e.g., > Docker*). This can provide some isolation and control over the runtime > environment. > > On Monday, November 13, 2023 at 6:54:46 PM UTC+5 Om Khade wrote: > >> I want to sell my Django product on a subscription basis to the client >> and set up the server on their server while ensuring that the code is not >> tampered with. For this I need a way to save the Django project in an >> encrypted format and Decrypt the files in RAM using a password that the >> client can get by sending a request to my licensing server. >> >> Is there a way to do this? our a better mechanism to deploy my Python >> project on client-server without them tampering the code. >> > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/af6291d7-620f-4132-93a1-f4e99f7d2a6en%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/af6291d7-620f-4132-93a1-f4e99f7d2a6en%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAMaQUUpO5mDPnBNXjNk70mRNJP%2Bn751DuomR-eOaLBAZYEwmdw%40mail.gmail.com.
