
Confidential Python?

This time, Python got me stumped.

I love Python mainly because of the elegance with which it helps in solving problems. Those strengths are now causing a problem :-)

Here is the deal. I’ve an upcoming requirement - it is not yet finalized, but I’ve a strong feeling this will be there as an afterthought - where there needs to be confidential validations on confidential data.

The validations are convoluted enough that in any language other than Python, the code will make Ernest Hemingway turn away in disgust. However, the logic of validations should be with the customer alone. The working implementation needs to be available to others for testing and integration.

This logic needs to be under Zope.

Guido made Python the easiest programming language to write and read :-)

What choices will I have?

I can think of the following at the moment.

  1. Make a Python module with only validation routine. Distribute the compiled byte code. But I don’t want to write a whole Zope product just to have one compiled file.
  2. Write the validation routine as an External Method. Put only the .pyc file on the server. Not tested. Will it work?
  3. Make pure client-side validation using JavaScript. Obfuscate the script using the tools available on the net. I hate JavaScript. Also, I don't trust using client-side validation alone.

At the moment, spending time with lawyers to come up with a non-disclosure agreement is not something I want to consider. Enough problems in this world already.

Apparently, this has come up before.

  1. 2002-01-21
  2. 2001-11-12
  3. 2000-10-06
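
Options 1 and 2 rely on shipping only compiled bytecode. As an added example (not part of the original post or its comments), this sketch compiles a constructed validation routine, discards the source, and lists the names and literal values still readable in the .pyc, a check worth running before treating bytecode as confidential. It assumes the Python 3.7+ .pyc layout; `validate` and its thresholds are made up for illustration.

```python
import marshal
import os
import py_compile
import tempfile
import types

# Constructed sample standing in for a "confidential" validation routine.
SAMPLE_SOURCE = '''
def validate(record):
    if record["grade"] not in ("A7", "B2"):
        return "grade rejected"
    if record["salary"] > 184500:
        return "salary above ceiling"
    return "ok"
'''

def load_code(pyc_path):
    """Load the top-level code object from a .pyc file (Python 3.7+ layout)."""
    with open(pyc_path, "rb") as fh:
        fh.read(16)  # skip header: magic, flags, then mtime+size or source hash
        return marshal.load(fh)

def exposed_symbols(code):
    """Recursively collect names and literal constants stored in a code object."""
    names, consts = set(code.co_names) | set(code.co_varnames), set()
    for const in code.co_consts:
        if isinstance(const, types.CodeType):  # nested function or class body
            sub_names, sub_consts = exposed_symbols(const)
            names |= sub_names
            consts |= sub_consts
        elif isinstance(const, (tuple, frozenset)):  # folded literal collections
            consts.update(const)
        elif const is not None:
            consts.add(const)
    return names, consts

def audit_sample():
    """Compile the sample, drop the source, and report what the .pyc still holds."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "rules.py")
        pyc = os.path.join(tmp, "rules.pyc")
        with open(src, "w") as fh:
            fh.write(SAMPLE_SOURCE)
        py_compile.compile(src, cfile=pyc, doraise=True)
        os.remove(src)  # only the bytecode is "shipped"
        return exposed_symbols(load_code(pyc))

if __name__ == "__main__":
    names, consts = audit_sample()
    print(sorted(names), sorted(map(repr, consts)))
```

Field names, allowed codes, thresholds and error strings all survive compilation unchanged, so a .pyc hides the formatting of the rules, not the rules themselves.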

  1. Throw option three out right away. Obfuscated code can be unobfuscated, especially when it runs on the client machine.

    I think the simplest would be number 2. You can definitely debug with the py file, then leave only the pyc file on the public server.

    Number 1 is the same as number 2, only more work.

    If you wanted to get really fancy, you could validate on a separate server via XML-RPC or somesuch, but that introduces dependency headaches that you probably don't need.

    Posted by: Howard Hansen on January 21, 2003 06:54 PM
  2. I like the XML-RPC idea quite a bit. In this situation, unfortunately, I can't really use it because there is no "confidential" server where I can put that :-( Thanks.

    Posted by: Babu on January 21, 2003 07:35 PM