2
I am developing a software in Python and I’m using files .ini and images.
Does anyone know a way to protect these files against user editing?
I don’t want the user to keep changing the images of the program and etc or changing the file .ini unduly.
Can be an installer, a database.
1
There are many ways to protect files, but with some effort you will always be able to change.
I will list some ways to protect(use them together for greater efficiency):
1) Hash check: Use the hashlib(is a standard python library, very easy to use) to get the hash(can be md5) of the files you want to protect. If the hash is different from the original image/file (leaves the original hash in strings within its python code), you display a message saying that the program has been "corrupted" and requires reinstallation. In the case of ini, as the hash varies, you will have to store it in some other file.
2) Create an installer/executable: py2exe, pyinstaller, cx_freeze... There are several options ready, but I suggest you make a small installer program using compiled languages (compiled languages are harder to crack, and as the program will only serve to start the other one, it will be small). By making your own execution program you can configure it to check the files(with hash, as I mentioned at point 1) before starting the program.
3) Use PIL and Stringio to leave the image inside python code, in string form, example:
>>>from StringIO import StringIO
>>>from PIL import Image
>>>image_file = StringIO(open("test.jpg",'rb').read())
>>>im = Image.open(image_file)
>>>print im.size, im.mode
In your case, instead of "open("test.jpg",'Rb'). read()" would be the hard-coded string of the image. Source of this example: https://stackoverflow.com/questions/22468108/how-to-read-image-from-stringio-into-pil-in-python
4) Database: I suggest Sqlalchemy, it is very easy to use and has all the tools of a good database manager. Users will still be able to edit it, but they will need to have more knowledge.
5) Encrypt Files: It works similar to hash, but you save the encrypted files to disk and decrypt them at the time of use, so the user won’t know if he wants what each file is.
All these means assume that the user has no advanced knowledge or will not have access to python code, to protect himself from a little more advanced users:
1) Use code obfuscators: pyminifier, OPY...
2) Create shared libraries(". dll" or ". so") in C/C++ and put the file check to be done by them. Also, leave some vital snippets of your code inside these libraries. This requires you to know how to create shared libraries in C/C++, it’s not hard to learn, but it takes a while. You can also create executables with the same function as the libraries I mentioned, if you prefer.
These measures require the user to have more advanced knowledge, but still, he will be able to break if he has all the knowledge.
Browser other questions tagged python
You are not signed in. Login or sign up in order to post.
If you put an img on the user’s machine it will be able to change the file. There is no way to block it, make it difficult, even have, block 100%, never.
– Ricardo
Which operating system?
– Pablo Almeida
It could save creating an integrity hash of all files and if any fails there should be a compressed backup of the last save that should be encrypted with an internal password that only you have, it is not the brightest idea, but should work well. I’m not going to try to formulate an answer right now, because it’s a little complex, as soon as possible, if I don’t get an answer I try to formulate a.
– Guilherme Nascimento
Only one doubt is Python2 or 3?
– Guilherme Nascimento