How to package and sell a Django application?

Time: 2023-01-24 08:26:00

Currently I am hosting a Django app I developed myself for my clients, but I am now starting to look at selling it to people for them to host themselves.

My question is this: How can I package up and sell a Django app, while protecting its code from pirating or theft? Distributing a bunch of .py files doesn't sound like a good idea as the people I sell it to could just make copies of them and pass them on.

I think for the purpose of this problem it would be safe to assume that everyone who buys this would be running the same (LAMP) setup.

7 solutions

#1


53  

Don't try and obfuscate or encrypt the code - it will never work.

I would suggest selling the Django application "as a service" - either host it for them, or sell them the code and support. Write up a contract that forbids them from redistributing it.

That said, if you were determined to obfuscate the code in some way - you can distribute Python applications entirely as .pyc (Python compiled byte-code). It's how Py2App works.

It will still be re-distributable, but it will be very difficult to edit the files - so you could add some basic licensing stuff, and not have it foiled by a few #s.

As I said, I don't think you'll succeed in anti-piracy via encryption or obfuscation etc. Depending on your clients, a simple contract, and maybe some really basic checks will go much further than some complicated decryption system (And make the experience of using your application better, instead of hopefully not any worse).

#2


11  

The way I'd go about it is this:

  1. Encrypt all of the code
  2. Write an installer that contacts the server with the machine's hostname and license file and gets the decryption key, then decrypts the code and compiles it to python bytecode
  3. Add (in the installer) a module that checks the machine's hostname and license file on import and dies if it doesn't match

This way the user only has to contact the server when the hostname changes and on first install, but you get a small layer of security. You could change the hostname to something more complex, but there's really no need -- anyone that wants to pirate this will do so, but a simple mechanism like that will keep honest people honest.
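A minimal sketch of the hostname-bound license check from step 3 of answer #2, as an added example that is not part of the original answers; it leaves out the encryption and the server round trip. The names `issue_license`, `check_license` and `VENDOR_KEY` and the JSON license layout are assumptions, and HMAC is used so that it runs on the standard library alone.

```python
import hashlib
import hmac
import json
import socket

# Constructed demo key. Anything shipped with the install can be read back out
# of it, so this check deters casual copying only, as the answers point out.
VENDOR_KEY = b"constructed-demo-key-not-a-real-secret"


def _canonical(fields):
    # Stable serialization so issuer and checker tag identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue_license(customer, hostname, key=VENDOR_KEY):
    """Vendor side: bind a license to one hostname and attach an HMAC tag."""
    fields = {"customer": customer, "hostname": hostname.lower()}
    tag = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return json.dumps({"fields": fields, "tag": tag})


def check_license(license_text, hostname=None, key=VENDOR_KEY):
    """Customer side: return (ok, reason); the caller decides whether to exit."""
    hostname = (hostname or socket.gethostname()).lower()
    try:
        doc = json.loads(license_text)
        fields, tag = doc["fields"], doc["tag"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed license"
    if not isinstance(fields, dict) or not isinstance(tag, str):
        return False, "malformed license"
    expected = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; a non-ASCII tag cannot raise here.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "license was modified"
    if fields.get("hostname") != hostname:
        return False, "license is bound to another host"
    return True, "ok"
```

Calling `check_license` from a module that the application imports at start-up gives the "dies if it doesn't match" behaviour; a vendor who wants to keep the signing key off customer machines would swap the HMAC for a public-key signature.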

#3


11  

You could package the whole thing up as an Amazon Machine Instance (AMI), and then have them run your app on Amazon EC2. The nice thing about this solution is that Amazon will take care of billing for you, and since you're distributing the entire machine image, you can be certain that all your clients are using the same LAMP stack. The AMI is an encrypted machine image that is configured however you want it.

You can have Amazon bill the client with a one-time fee, usage-based fee, or monthly fee.

Of course, this solution requires that your clients host their app at Amazon, and pay the appropriate fees.

#4


10  

"Encrypting" Python source code (or bytecode, or really bytecode for any language that uses it -- not just Python) is like those little JavaScript things some people put on web pages to try to disable the right-hand mouse button, declaring "now you can't steal my images!"

The workarounds are trivial, and will not stop a determined person.

If you're really serious about selling a piece of Python software, you need to act serious. Pay an attorney to draw up license/contract terms, have people agree to them at the time of purchase, and then just let them have the actual software. This means you'll have to haul people into court if they violate the license/contract terms, but you'd have to do that no matter what (e.g., if somebody breaks your "encryption" and starts distributing your software), and having the actual proper form of legal words already set down on paper, with their signature, will be far better for your business in the long term.

If you're really that paranoid about people "stealing" your software, though, just stick with a hosted model and don't give them access to the server. Plenty of successful businesses are based around that model.

#5


7  

You'll never be able to keep the source code from people who really want it. It's best to come to grips with this fact now, and save yourself the headache later.

#6


3  

One thing you might want to consider is what FogBugz does. Simply include a small binary (perhaps a C program) that is compiled for the target platforms and contains the code to validate the license.

This way you can keep the honest people honest with minimal headache on your part.

#7


3  

May I speak frankly, as a friend? Unless your app is Really Amazing, you may not get many buyers. Why waste the time on lawyers, obfuscation, licensing and whatnot? You stand to gain a better reputation by open-sourcing your code...and maintaining it.

Django comes from the open-source end of the spectrum from licensing (and obfuscating). Granted, the MIT license is more common than the GPL; still they are both very far removed from anything like Microsoft's EULA. A lot of Djangophiles will balk at closed source code, simply because that's what Microsoft does.

Also, people will trust your code more, since they will be able to read it and verify that it contains no malicious code. Remember, "obfuscating" means "hiding;" and who will really know exactly what you've hidden?

Granted, there's no easy way to monetize open-sourced code. But you could offer your services or even post a campaign on Pledgie.com, for those who are thankful for all your great work.
