Hey all,
I would like to share my Grasshopper script with a GHpython component. However, I would like to prevent that other people are seeing inside of my Python code. Is there a way to make my code invisible to others?
Thank you in advance.
One option would be to put the python code inside a cluster and then put a password on the cluster.
However it is possible to get inside a cluster without the password if you know how, so not fully secure, but it will be a deterent.
Another option would be to build them into actual components as compiled code.
It depends on to which extent secure you want. Compiled python can provide, sort of, protection from direct copy of your code. However the compiled algorithm isn’t very difficult to read if someone really wants to do that.
With v7 you could provide your definition through Rhino Compute where users of your definition containing the code would access it in the cloud only so to speak. You’d set up a server with Rhino and Rhino Compute running, maintaining full control over your IP.
I don’t know if that is something that could work for you, but currently IMO the only way to fully ensure your code doesn’t get looked at (apart from not sharing it in any way at all, of course).
Security through obfuscation does work, it’s not impossible to bypass but it does stop a lot of people from getting into the hassle of deobfuscation. So I guess there are automated obfuscation tools for python, or you can create a C++ dll create a C# wrapper and call it from a GH plugin. The latter doesn’t provide obfuscated source code but it does create a compiled dll that is rather hard to decompile (not as easy as C#).
1 Like
Obfuscated code of a plain C# app (and so for IronPython), is already sufficent. A person being able to deobfuscate code, will be good enough the create a similar tool without the need to steal code. Most plugins of Rhino are not that complex.
Stealing “code” is bytheway not so black and white. If you make a lot of 3rd party api calls (e.g. Rhinocommon), how much is it actually your code and not of McNeel? And creating certain combinations of api calls may also be an obvious way of doing things. In other words, is such a person really the main developer in a broader sense?
1 Like
Definitely, that’s my thought on this too. Specially since OP is asking I can infer that the code is not the work of a team of specialized engineers and mathematicians wanting to keep their source secure. So obfuscation is “good enough”.