kt83...@gmail.com wrote:
Anyways, if we can make it real hard for them to analyze also, I think we are in the good - esp since the clients are not extremely rich enough to go for professional analyzers --
Sounds like you have the "digital rights management" (DRM) problem. As Diez pointed out, there is no robust software solution. Nevertheless, many clever people have worked each side, so there's now something of a body of practice and experience.
What is the skype method? The code is not huge - less than 20K LOC so, code encryption looks somewhat OK - would you be able to direct me to any hints on this?
I don't think Skype has much to offer here. They're not focused on selling DRM technology; they sell communication services. Third parties can write applications on top of those services, which can be protected by Skype's DRM. (If I'm wrong on that, someone please correct me.)
Diez's noted Skype's use of a layered approach, but there's nothing special about the notion of layered code encryption in DRM software. It's been used multiple times, broken multiple times, and patented multiple times.
One another option that I was thinking was to automatically generate the password for the database - re-encrypt every 1 hr - and store the password inside the code itself. Is that possible in Python? i.e. changing the code itself.
Possible it is. Effective it is almost certainly not, at least not without a whopping bunch of other techniques going vastly beyond that description.
Look up DRM technology companies, such as CloakWare, Macrovision, and Cryptography Research.
If you have a modest number of customers, hardware solutions and/or strict contractual commitments might offer practical solutions.
-- --Bryan -- http://mail.python.org/mailman/listinfo/python-list