I am trying to make an application that should not portable between computers or between users of the same computer.
Which is the best way to do this?
edit:
By not portable I meant, the application should not be usable without installing it. ie) moving the installed folder to a different computer or different user login of the same computer.
How can we get an id that is always unique to a user login in a computer?.
please excuse my poor english.
Almost no matter what mechanism you implement, the other user will always be able to decompile the program and route around what prevents running it with relative ease. Two exceptions:
Move key functionality + authentication into c modules. This makes circumvention harder, but not impossible
Move key functionality + authentication into a call to a program executing on a remote machine that you control. Here the other user needs to re-implement the function(s) based on sample input and output - direct reverse engineering is not possible.
These points are covered in further detail in the answers to the linked-to question. Of course, as some answers point out, you need to determine how much trouble you wish to go to and if it is worth your while to do so. Maybe a naive python native access control is enough deterrant, even if an adept programmer can work around it.
Let your installation script copy some modules of your program to user application directory.
In your program add that path to sys.path, that import would find your modules.
If you want only one user to have access you have to create some kind of "login".
That's what registration or activation keys are for.
http://en.wikipedia.org/wiki/Product_key
You include the user name and some machine identification in the key,
Related
We're working with an older zope version (2.10.6-final, python 2.4.5) and working with a database adapter called ZEIngresDA. We have an established connection for it, and the test function shows that it is totally functional and can connect and run queries.
My job is to change the way that the queries are actually executing, so that they're properly parameterizing variables to protect against sql injection. With that said, I'm running into a security issue that I'm hoping someone can help with.
connection = container.util.ZEIngresDAName()
#returning connection at this point reveals it to be of type ZEIngresDA.db.DA,
#which is the object we're looking for.
connection.query("SELECT * from data WHERE column='%s';", ('val1',))
#query is a function that is included in class DA, functions not in DA throw errors.
Here we run into the problem. Testing this script brings up a login prompt that, when logged into, immediately comes up again. I recognize that this is likely some type of security setting, but I've been unable to find anything online about this issue, though this old of zope documentation isn't spectacular online anyways. If this sounds familiar to you or you have any ideas, please let me know.
I have some experience using Zope2 but it's hard to give a good answer with the limited information you've posted. I'm assuming here that you're using a Python script within the ZMI
Here's a list of things I would check:
Are you logged into the root folder rather than a sub folder in the ZMI? This could cause a login prompt as you're requesting a resource that you do not have access to use
In the ZMI double check the "security" tab of the script you're trying to run to ensure that your user role has permission to run the script
Whilst you're there check the "proxy" tab to ensure that the script itself has permission to call the functions within it
Also worth checking that the products you're trying to use were installed by a user which is still listed in the root acl_user folder - from memory this can cause issues with the login prompt
Best of luck to you - happy (also sad) to hear that there's at least one other Zope user out there!
I have to setup a program which reads in some parameters from a widget/gui, calculates some stuff based on database values and the input, and finally sends some ascii files via ftp to remote servers.
In general, I would suggest a python program to do the tasks. Write a Qt widget as a gui (interactively changing views, putting numbers into tables, setting up check boxes, switching between various layers - never done something as complex in python, but some experience in IDL with event handling etc), set up data classes that have unctions, both to create the ascii files with the given convention, and to send the files via ftp to some remote server.
However, since my company is a bunch of Windows users, each sitting at their personal desktop, installing python and all necessary libraries on each individual machine would be a pain in the ass.
In addition, in a future version the program is supposed to become smart and do some optimization 24/7. Therefore, it makes sense to put it to a server. As I personally rather use Linux, the server is already set up using Ubuntu server.
The idea is now to run my application on the server. But how can the users access and control the program?
The easiest way for everybody to access something like a common control panel would be a browser I guess. I have to make sure only one person at a time is sending signals to the same units at a time, but that should be doable via flags in the database.
After some google-ing, next to QtWebKit, django seems to the first choice for such a task. But...
Can I run a full fledged python program underneath my web application? Is django the right tool to do so?
As mentioned previously, in the (intermediate) future ( ~1 year), we might have to implement some computational expensive tasks. Is it then also possible to utilize C as it is within normal python?
Another question I have is on the development. In order to become productive, we have to advance in small steps. Can I first create regular python classes, which later on can be imported to my web application? (Same question applies for widgets / QT?)
Finally: Is there a better way to go? Any standards, any references?
Django is a good candidate for the website, however:
It is not a good idea to run heavy functionality from a website. it should happen in a separate process.
All functions should be asynchronous, I.E. You should never wait for something to complete.
I would personally recommend writing a separate process with a message queue and the website would only ask that process for statuses and always display a result immediatly to the user
You can use ajax so that the browser will always have the latest result.
ZeroMQ or Celery are useful for implementing the functionality.
You can implement functionality in C pretty easily. I recomment however that you write that functionality as pure c with a SWIG wrapper rather that writing it as an extension module for python. That way the functionality will be portable and not dependent on the python website.
I understand that letting any anonymous user upload any sort of file in general can be dangerous, especially if it's code. However, I have an idea to let users upload custom AI scripts to my website. I would provide the template so that the user could compete with other AI's in an online web game I wrote in Python. I either need a solution to ensure a user couldn't compromise any other files or inject malicious code via their uploaded script or a solution for client-side execution of the game. Any suggestions? (I'm looking for a solution that will work with my Python scripts)
I am in no way associated with this site and I'm only linking it because it tries to achieve what you are getting after: jailing of python. The site is code pad.
According to the about page it is ran under geordi and traps all sys calls with ptrace. In addition to be chroot'ed they are on a virtual machine with firewalls in place to disallow outbound connections.
Consider it a starting point but I do have to chime in on the whole danger thing. Gotta CYA myself. :)
Using PyPy you can create a python sandbox. The sandbox is a separate and supposedly secure python environment where you can execute their scripts. More info here
http://codespeak.net/pypy/dist/pypy/doc/sandbox.html
"In theory it's impossible to do anything bad or read a random file on the machine from this prompt."
"This is safe to do even if script.py comes from some random untrusted source, e.g. if it is done by an HTTP server."
Along with other safeguards, you can also incorporate human review of the code. Assuming part of the experience is reviewing other members' solutions, and everyone is a python developer, don't allow new code to be activated until a certain number of members vote for it. Your users aren't going to approve malicious code.
Yes.
Allow them to script their client, not your server.
PyPy is probably a decent bet on the server side as suggested, but I'd look into having your python backend provide well defined APIs and data formats and have the users implement the AI and logic in Javascript so it can run in their browser. So the interaction would look like: For each match/turn/etc, pass data to the browser in a well defined format, provide a javascript template that receives the data and can implement logic, and provide web APIs that can be invoked by the client (browser) to take the desired actions. That way you don't have to worry about security or server power.
Have an extensive API for the users and strip all other calls upon upload (such as import statements). Also, strip everything that has anything to do with file i/o.
(You might want to do multiple passes to ensure that you didn't miss anything.)
I'm using twisted to create a server.
Problem is, I must protect my code. Since I don't want to publish it, I'm not really interess into obfuscation or compilation of the python code.
My problem is, my twisted application must run with root uid and a lot of people have root access to this server.
I don't care if they can read it, but I want sure they can't modify it!
What is the best solution, knowing I'm using twisted? I've seen in twistd, tapconvert and mktap that twisted can "encrypt" my code, but I didn't find any good documentation about that.
Anybody to help me?
Thanks in advance for any answer =)
Have a nice day!
/!\ EDIT:
I got another question, I've wrote my code following this part of twisted documentation: http://twistedmatrix.com/documents/current/core/howto/application.html so I launch my server using a command like twistd -y server.py --logfile ...
Since I'm doing that, I assume I can't use software like cx_Freeze to hide my code right ?
You have a number of problems here.
my twisted application must run with root uid
This is bad. If there are vulnerabilities in your application, then they will be made more serious by running as root. You should consider finding a way to not run as root. For example, if you only run as root so you can bind to a low numbered port, consider using authbind instead.
a lot of people have root access to this server
Perhaps you should limit privileged access to those people who actually need it. If that isn't an option, then perhaps you should at least limit access to people you can trust. Someone who has root on a machine can do anything they want on that machine, and defeat any scheme you dream up.
I don't care if they can read it, but I want sure they can't modify it!
You should ask them not to modify it, then.
I've seen in twistd, tapconvert and mktap that twisted can "encrypt" my code, but I didn't find any good documentation about that. Anybody to help me?
You shouldn't bother trying to use the encryption features of twistd and mktap. These don't prevent anyone from changing your code. At best they might prevent someone from reading some of it. As you said, this isn't even your goal. Even if it were your goal, someone with root access will be able to decrypt these files easily, so it doesn't even help there.
If you give code to someone, expect them to be able to do anything and everything they want with it. If you put code on a server, you are effectively giving it to everyone with root access to that server.
So, stop thinking about encryption and other technical issues and think of some other way to achieve your goals - fire the untrustworthy administrators, use an appropriate license on the code, get an actual contract, etc.
AFAIK, there is no way to prevent a root user from modifying a plain text file. Root is just that, they can do anything they want with it including modifying. Why do so many people have root access to the machine anyway?
If you're concerned, you really have two options:
Encrypt the files in whatever way you want (I don't know if Twisted does it or how)
'Compile' the code for your platform. There are a few Python compilers out there but I don't know if they work with Linux. I'm a free software guy so I want people to read and modify my code. Protecting it doesn't concern me.
I guess you do have a third option of protecting it legally with a license. But if they violate your license then there's the cost of taking them to court over it.
Not many options. Sorry.
Anthony
I understand that letting any anonymous user upload any sort of file in general can be dangerous, especially if it's code. However, I have an idea to let users upload custom AI scripts to my website. I would provide the template so that the user could compete with other AI's in an online web game I wrote in Python. I either need a solution to ensure a user couldn't compromise any other files or inject malicious code via their uploaded script or a solution for client-side execution of the game. Any suggestions? (I'm looking for a solution that will work with my Python scripts)
I am in no way associated with this site and I'm only linking it because it tries to achieve what you are getting after: jailing of python. The site is code pad.
According to the about page it is ran under geordi and traps all sys calls with ptrace. In addition to be chroot'ed they are on a virtual machine with firewalls in place to disallow outbound connections.
Consider it a starting point but I do have to chime in on the whole danger thing. Gotta CYA myself. :)
Using PyPy you can create a python sandbox. The sandbox is a separate and supposedly secure python environment where you can execute their scripts. More info here
http://codespeak.net/pypy/dist/pypy/doc/sandbox.html
"In theory it's impossible to do anything bad or read a random file on the machine from this prompt."
"This is safe to do even if script.py comes from some random untrusted source, e.g. if it is done by an HTTP server."
Along with other safeguards, you can also incorporate human review of the code. Assuming part of the experience is reviewing other members' solutions, and everyone is a python developer, don't allow new code to be activated until a certain number of members vote for it. Your users aren't going to approve malicious code.
Yes.
Allow them to script their client, not your server.
PyPy is probably a decent bet on the server side as suggested, but I'd look into having your python backend provide well defined APIs and data formats and have the users implement the AI and logic in Javascript so it can run in their browser. So the interaction would look like: For each match/turn/etc, pass data to the browser in a well defined format, provide a javascript template that receives the data and can implement logic, and provide web APIs that can be invoked by the client (browser) to take the desired actions. That way you don't have to worry about security or server power.
Have an extensive API for the users and strip all other calls upon upload (such as import statements). Also, strip everything that has anything to do with file i/o.
(You might want to do multiple passes to ensure that you didn't miss anything.)