On Mon, Jul 13, 2009 at 16:19, Roman Gaufman<[email protected]> wrote: > I didn't tell my "clients" anything - my employer said you can't use > Perl because it doesn't have compiled bytecode, I asked what about > python, it does - they came back to me saying to use it. > If you are satisfied with this outcome, more power to you ;-) If want ammunition in favor of Perl: 1. Python bytecode is really easy to decompile, waaay easier than C. Details below. Be careful with stressing this, lest your employer demands C :-\ 2. Perl also uses bytecode, it just doesn't spew it into files by default. But it's easy to do - see below.
> There are disassemblers and decompilers for just about all compiled > bytecode out there - they show you the virtual machine instructions > used and some reference identifiers. There are also disassemblers and > decompilers for compiled C code, that also show you the machine > instructions being used. Bytecodes tend to use higher-level operations, with well-defined function frames on stack, debug information, and no ugly C-style optimizations (inlining, unrolling, order-changing scheduling, etc.) Also, dynamic languages like Python have almost no information that can be thrown out after compilation (e.g. types). Everything you write is needed for running. > pyc is compiled bytecode - so while you can reverse engineer compiled > bytecode (as you can reverse engineer just about everything) -- you > don't have nesting depths, scope, type - all you have is numeric > codes, numeric addresses and some visible references. It's a little > more than fig-leaf protection. > Wrong! Python bytecode retains scopes, variable names, etc. Decompiled python code is really almost identical to original! About the only thing you lost are comments: http://sourceforge.net/projects/decompyle/ http://www.crazy-compilers.com/decompyle/ You can achieve a bit more protection by obfuscating names: http://pawsense.com/python..obfuscator/ http://www.lysator.liu.se/~astrand/projects/pyobfuscate/ but these only work on single-module projects and aren't 100% safe. At the very least, use python -OO to produce .pyo without docstrings. Note that -O also discards assert statements (lesson: never use assert for input validation in Python). Perl bytecode ----------------- See: http://www.developertutorials.com/tutorials/cgi-perl/optimize-perl-050409/page10.html http://perldoc.perl.org/B/Bytecode.html http://www.perlmonks.org/?node_id=62936 (I never used any of those, just shooting relevant google results.) I don't know how much information Perl bytecode retains; from the little I know about Perl internals, I suspect it loses more details and does more transformations than Python, so decompiled code should looks less like the source. If even more armor is needed, there are obfuscators for Perl too. -- Beni <[email protected]> _______________________________________________ Python-il mailing list [email protected] http://hamakor.org.il/cgi-bin/mailman/listinfo/python-il
