Re: [Discuss] Container to deploy a web service
Another thing you can do is only ship compiled Python bytecode files. You can create these files by using the -O or -OO option. In Python 2, this creates a .pyo file, in Python 3 this creates a .pyc file with opt1 or opt2.

On Fri, Nov 9, 2018 at 11:00 AM Dan Ritter wrote:

> Tom Luo:
> > Is there any alternative besides docker?
>
> Yes.
>
> You can:
>
> - set up servers and sell the service of access to your nifty
>   idea rather than shipping code to the users.
>
> - ask your users to sign a contract that says that they will
>   not read through the source code or re-use it, because the
>   copyright remains with you.
>
> -dsr-

--
Jerry Feldman
Boston Linux and Unix
PGP key id: 6F6BB6E7
Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1 3050 5715 B88D 6F6B B6E7
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
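What the -O/-OO bytecode suggested above still exposes to whoever holds the file, as an added example that is not part of the original thread: it compiles a constructed sample module, reads the .pyc back with the standard library, and lists the identifiers and string constants that survive. The module contents, `inspect_pyc` and the other helper names are made up for illustration, and the 16-byte header assumes CPython 3.7 or later.

```python
import marshal
import os
import py_compile
import tempfile
import types

# Constructed sample module standing in for the code being shipped.
SAMPLE_SOURCE = '''"""Pricing engine (internal)."""
LICENSE_SALT = "constructed-sample-salt"

def compute_discount(customer_tier, order_total):
    """Secret discount rule."""
    assert order_total >= 0, "negative total"
    if customer_tier == "gold":
        return order_total * 0.25
    return 0.0
'''

PYC_HEADER_LEN = 16  # assumption: CPython 3.7+ header layout (PEP 552)


def load_code(pyc_path):
    """Return the top-level code object stored after the .pyc header."""
    with open(pyc_path, "rb") as fh:
        fh.seek(PYC_HEADER_LEN)
        return marshal.load(fh)


def walk(code, found):
    """Collect identifiers and string constants from nested code objects."""
    found["names"].update(code.co_names, code.co_varnames)
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            found["names"].add(const.co_name)
            walk(const, found)
        elif isinstance(const, str):
            found["strings"].add(const)
    return found


def inspect_pyc(optimize):
    """Compile SAMPLE_SOURCE at an -O level (0, 1, 2); report what the .pyc keeps."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "pricing.py")
        with open(src, "w") as fh:
            fh.write(SAMPLE_SOURCE)
        pyc = py_compile.compile(src, cfile=src + "c", optimize=optimize, doraise=True)
        return walk(load_code(pyc), {"names": set(), "strings": set()})
```

Comparing `inspect_pyc(0)` with `inspect_pyc(2)` shows that -OO drops docstrings and assert messages, while the string constants, function names and argument names are still in the file.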
Re: [Discuss] Container to deploy a web service
Tom Luo:
> Is there any alternative besides docker?

Yes.

You can:

- set up servers and sell the service of access to your nifty idea rather than shipping code to the users.

- ask your users to sign a contract that says that they will not read through the source code or re-use it, because the copyright remains with you.

-dsr-
Re: [Discuss] Container to deploy a web service
Is there any alternative besides docker?

On Fri, Nov 9, 2018 at 10:24 AM Rich Pieri wrote:

> On Thu, 8 Nov 2018 23:53:52 -0500
> Tom Luo wrote:
>
> > Thanks for answers. I just feel docker should support the feature to
> > hide all details inside the container and just expose a port.
>
> We explained why this is not possible. Your desire to be proprietary
> cannot change reality.
>
> --
> Rich Pieri
Re: [Discuss] Container to deploy a web service
On Thu, 8 Nov 2018 23:53:52 -0500
Tom Luo wrote:

> Thanks for answers. I just feel docker should support the feature to
> hide all details inside the container and just expose a port.

We explained why this is not possible. Your desire to be proprietary cannot change reality.

--
Rich Pieri
Re: [Discuss] Container to deploy a web service
Tom Luo:
> Hi, all,
>
> Thanks for answers. I just feel docker should support the feature to hide
> all details inside the container and just expose a port.

How would you do that? Encrypt the container? See my previous discussion of how that doesn't actually work.

-dsr-
Re: [Discuss] Container to deploy a web service
Hi, all,

Thanks for answers. I just feel docker should support the feature to hide all details inside the container and just expose a port.
I know I can compile to python code from .py to .pyc. But the python byte code is not that difficult to reverse engineer.

Thanks,

Tom

On Thu, Nov 8, 2018 at 7:57 PM Jason Normand wrote:

> one other thing is if you are providing a container or vm you could
> precompile all or some of the python.
>
> On Thu, Nov 8, 2018 at 10:05 AM Rich Pieri wrote:
>
> > On Thu, 8 Nov 2018 02:34:42 -0500
> > Tom Luo wrote:
> >
> > > Basically, what I need is to provide a port for customers to access
> > > the service. At the same time, I don't want customers to see my code.
> > >
> > > What should I do? Any ideas?
> >
> > The Docker host can see everything in the container. The customer
> > controls the Docker host. Therefore the customer can see everything in
> > the container. Likewise the VirtualBox host once the encrypted VM is
> > unlocked. Likewise every other deployment where the customer controls
> > the deployment target.
> >
> > Solution: If you don't want your customers to see the source code
> > then don't ship source code.
> >
> > --
> > Rich Pieri
Re: [Discuss] Container to deploy a web service
one other thing is if you are providing a container or vm you could precompile all or some of the python.

On Thu, Nov 8, 2018 at 10:05 AM Rich Pieri wrote:

> On Thu, 8 Nov 2018 02:34:42 -0500
> Tom Luo wrote:
>
> > Basically, what I need is to provide a port for customers to access
> > the service. At the same time, I don't want customers to see my code.
> >
> > What should I do? Any ideas?
>
> The Docker host can see everything in the container. The customer
> controls the Docker host. Therefore the customer can see everything in
> the container. Likewise the VirtualBox host once the encrypted VM is
> unlocked. Likewise every other deployment where the customer controls
> the deployment target.
>
> Solution: If you don't want your customers to see the source code
> then don't ship source code.
>
> --
> Rich Pieri
Re: [Discuss] Container to deploy a web service
On Thu, 8 Nov 2018 02:34:42 -0500
Tom Luo wrote:

> Basically, what I need is to provide a port for customers to access
> the service. At the same time, I don't want customers to see my code.
>
> What should I do? Any ideas?

The Docker host can see everything in the container. The customer controls the Docker host. Therefore the customer can see everything in the container. Likewise the VirtualBox host once the encrypted VM is unlocked. Likewise every other deployment where the customer controls the deployment target.

Solution: If you don't want your customers to see the source code then don't ship source code.

--
Rich Pieri
Re: [Discuss] Container to deploy a web service
Dan,

I fully agree, I was mostly making the point that in docker everything is shared with the host system. it's possible to obscure things, but that all depends on how savvy and motivated the users are. in the end docker is an open system, built by people with an open source mentality. there are companies working to address security concerns, but the complexities involved are not for your average user.

On Thu, Nov 8, 2018 at 9:45 AM Dan Ritter wrote:

> Jason Normand:
> > from a strictly technical perspective, in order to make something like this
> > work in docker you would need to set up some kind of runtime decryption.
> > basically your system would need to read encrypted files from the volume
> > then decrypt them into a memory based storage (harder though not
> > impossible to read from the host). with docker any files in a running
> > container are fully accessible from the host system, and further files in
> > the container image can be unpacked by anyone with access to the image. so
> > with docker whoever has access to the host system, has access to all
> > container files.
>
> All of this has happened before. It's called "copy protection"
> or "DRM - digital rights management".
>
> It always goes like this:
>
> 1. I want to sell you something, but I don't want you to be able
>    to look inside it or copy it or something.
>
> 2. So I encrypt the thing. Now you can't access it.
>
> 3. So I give you a method of playing the thing.
>
> 4. But you still can't access it because it's encrypted, so I
>    also have to send the key along.
>
> 5. Now I have sent you the encrypted thing, a way to use the
>    thing, and the key to unencrypting the thing. Why have I gone
>    to all this bother again?
>
> In case it's clear: don't do this. It's not worth while.
>
> -dsr-
Re: [Discuss] Container to deploy a web service
Jason Normand:
> from a strictly technical perspective, in order to make something like this
> work in docker you would need to set up some kind of runtime decryption.
> basically your system would need to read encrypted files from the volume
> then decrypt them into a memory based storage (harder though not
> impossible to read from the host). with docker any files in a running
> container are fully accessible from the host system, and further files in
> the container image can be unpacked by anyone with access to the image. so
> with docker whoever has access to the host system, has access to all
> container files.

All of this has happened before. It's called "copy protection" or "DRM - digital rights management".

It always goes like this:

1. I want to sell you something, but I don't want you to be able to look inside it or copy it or something.

2. So I encrypt the thing. Now you can't access it.

3. So I give you a method of playing the thing.

4. But you still can't access it because it's encrypted, so I also have to send the key along.

5. Now I have sent you the encrypted thing, a way to use the thing, and the key to unencrypting the thing. Why have I gone to all this bother again?

In case it's clear: don't do this. It's not worth while.

-dsr-
Re: [Discuss] Container to deploy a web service
from a strictly technical perspective, in order to make something like this work in docker you would need to set up some kind of runtime decryption. basically your system would need to read encrypted files from the volume then decrypt them into a memory based storage (harder though not impossible to read from the host). with docker any files in a running container are fully accessible from the host system, and further files in the container image can be unpacked by anyone with access to the image. so with docker whoever has access to the host system, has access to all container files.

On Thu, Nov 8, 2018 at 2:35 AM Tom Luo wrote:

> Hi, all,
>
> I developed a software which provides a web service.
> When I deploy the software in customer's machines, I don't want them to see
> the source code.
> I tried to use docker, but I found out that docker cannot provide password
> protection. The customer can still see the source code. The source code
> contains python code and javascript code. I feel possibly virtual box is an
> option. But I have not tried yet.
> Basically, what I need is to provide a port for customers to access the
> service. At the same time, I don't want customers to see my code.
>
> What should I do? Any ideas?
>
> Thanks,
>
> Tom
Re: [Discuss] Container to deploy a web service
Tom Luo:
> Hi, all,
>
> I developed a software which provides a web service.
> When I deploy the software in customer's machines, I don't want them to see
> the source code.
> I tried to use docker, but I found out that docker cannot provide password
> protection. The customer can still see the source code. The source code
> contains python code and javascript code. I feel possibly virtual box is an
> option. But I have not tried yet.
> Basically, what I need is to provide a port for customers to access the
> service. At the same time, I don't want customers to see my code.
>
> What should I do? Any ideas?

If you don't want them to see the source code, you need to not send them the source code.

Since it's a web service, you would operate it as a service, charging a repeating fee, rather than as a product, where you ship it and forget about it.

Alternatively, you could depend on a contract to prevent them from looking inside whatever you ship them. After all, you already depend on a contract to sell it to them, and the code is covered by copyright.

Remember that when you ship code around, you need to be obeying the applicable copyrights for anything you have included from other people.

-dsr-
Re: [Discuss] Container to deploy a web service
If you open up the service port (let's say it's running on 8080) but limit SSH login to a key only you have, then they should be able to use the service without seeing in the docker image at all.

On 11/8/18 2:34 AM, Tom Luo wrote:

> Hi, all,
>
> I developed a software which provides a web service.
> When I deploy the software in customer's machines, I don't want them to see the source code.
> I tried to use docker, but I found out that docker cannot provide password protection. The customer can still see the source code. The source code contains python code and javascript code. I feel possibly virtual box is an option. But I have not tried yet.
> Basically, what I need is to provide a port for customers to access the service. At the same time, I don't want customers to see my code.
>
> What should I do? Any ideas?
>
> Thanks,
>
> Tom