2

Here's the deal: I have a Python application for business written in Django. It's not in Cloud, customers should install them at their own servers.

However, Brazil IT laws for tax payment calculation softwares forces me to homologate every piece of code (in this case, every file.py). They generate a MD5 hash and if a customer of mine is running a modified version, I have to pay a fine and should even be sued by Government.

I really don't care if my source code is available to everyone. Really. I just want to guarantee no changes at the source code.

Does anyone have an idea to protect the code? Customers should have root access to servers, so a simple "statement of compliance" should not guarantee anything...

Improve this question
2
  • At what point (if any) would your customer's modification of your application become their liability and not yours? If you sent them compiled binaries which they dropped in IDA and hex-edited to modify behavior, would you still be at fault? Commented May 9, 2014 at 12:59
  • Brazil's government is way, way outdated regarding IT and software laws. One of the requirements is something like "The software installed into customers must be 'exactly' the one approved and registered by government official regulators". If the customer is running a different version the culprit is the software vendor. Of course, you can deny it and go on with a lawsuit, but to avoid theses cases I would like to use something to avoid modified software to run. This law is called "PAF-ECF", and gives a lot of interpretations. Commented May 10, 2014 at 15:39

1 Answer 1

Reset to default
2

This is not really suited for StackOveflow; but the suggestion I would make is to take the parts of your code that are subject to audit; write them as a Python C module which is then imported. You can ship the compiled module along with your normal, unmodified django application.

This would only work if certain parts of your code are subject to this audit/restriction and not the entire application.

Your only other recourse is to host it yourself and provide your own audit/controls on the source.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Good point. Can you give me some advice on how to create C Python modules? I never walked this way before...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.