How would I package and sell a Django app?
Currently I am hosting a Django app I developed myself for my clients, but I am now starting to look at selling it to people for them to host themselves.
My question is this: How can I package up and sell a Django app, while protecting its code from pirating or theft? Distributing a bunch of .py files doesn't sound like a good idea as the people I sell it to too could just make copies of them and pass them on.
I think for the purpose of this problem it would be safe to assume that everyone who buys this would be running the same (LAMP) setup.
Comments (7)
Don't try and obfuscate or encrypt the code - it will never work.
I would suggest selling the Django application "as a service" - either host it for them, or sell them the code and support. Write up a contract that forbids them from redistributing it.
That said, if you were determined to obfuscate the code in some way - you can distribute Python applications entirely as .pyc (Python compiled byte-code). It's how Py2App works.
It will still be re-distributable, but it will be very difficult to edit the files - so you could add some basic licensing stuff, and not have it foiled by a few #s.
As I said, I don't think you'll succeed in anti-piracy via encryption or obfuscation etc. Depending on your clients, a simple contract, and maybe some really basic checks will go much further than some complicated decryption system (and make the experience of using your application better, instead of hopefully not any worse).
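Added example, not part of the original answer: a standard-library sketch of what a bytecode-only distribution still exposes, so a vendor can judge what a .pyc-based license check actually hides. The module contents, `LICENSE_SALT`, `check_license` and the key value are constructed for illustration.

```python
import marshal
import py_compile
import tempfile
import types
from pathlib import Path

# Constructed sample module standing in for a vendor's license check.
SAMPLE_SOURCE = '''
LICENSE_SALT = "constructed-salt-value"

def check_license(key):
    # comment the vendor wrote; comments are dropped at compile time
    return key == "DEMO-0000-KEY"
'''

def compile_to_pyc(source: str, workdir: Path) -> Path:
    """Write the source to disk, compile it, and keep only the .pyc."""
    src = workdir / "licensing.py"
    src.write_text(source)
    pyc = workdir / "licensing.pyc"
    py_compile.compile(str(src), cfile=str(pyc), doraise=True)
    src.unlink()  # simulate shipping bytecode only
    return pyc

def load_code(pyc: Path) -> types.CodeType:
    """Read the module code object back (16-byte header on Python 3.7+)."""
    return marshal.loads(pyc.read_bytes()[16:])

def exposed_strings(code: types.CodeType) -> set:
    """Collect identifiers and string constants, recursing into functions."""
    found = set(code.co_names) | set(code.co_varnames)
    for const in code.co_consts:
        if isinstance(const, str):
            found.add(const)
        elif isinstance(const, types.CodeType):
            found |= exposed_strings(const)
    return found

def demo() -> set:
    """Compile the sample and return everything readable from the .pyc."""
    with tempfile.TemporaryDirectory() as tmp:
        pyc = compile_to_pyc(SAMPLE_SOURCE, Path(tmp))
        return exposed_strings(load_code(pyc))

if __name__ == "__main__":
    for item in sorted(demo()):
        print(item)
```

Names and string literals survive compilation; only comments are lost, so anything embedded in shipped bytecode should be treated as readable by the customer.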
You could package the whole thing up as an Amazon Machine Instance (AMI), and then have them run your app on Amazon EC2. The nice thing about this solution is that Amazon will take care of billing for you, and since you're distributing the entire machine image, you can be certain that all your clients are using the same LAMP stack. The AMI is an encrypted machine image that is configured however you want it.
You can have Amazon bill the client with a one-time fee, usage-based fee, or monthly fee.
Of course, this solution requires that your clients host their app at Amazon, and pay the appropriate fees.
The way I'd go about it is this:
This way the user only has to contact the server when the hostname changes and on first install, but you get a small layer of security. You could change the hostname to something more complex, but there's really no need -- anyone that wants to pirate this will do so, but a simple mechanism like that will keep honest people honest.
"Encrypting" Python source code (or bytecode, or really bytecode for any language that uses it -- not just Python) is like those little JavaScript things some people put on web pages to try to disable the right-hand mouse button, declaring "now you can't steal my images!"
The workarounds are trivial, and will not stop a determined person.
If you're really serious about selling a piece of Python software, you need to act serious. Pay an attorney to draw up license/contract terms, have people agree to them at the time of purchase, and then just let them have the actual software. This means you'll have to haul people into court if they violate the license/contract terms, but you'd have to do that no matter what (e.g., if somebody breaks your "encryption" and starts distributing your software), and having the actual proper form of legal words already set down on paper, with their signature, will be far better for your business in the long term.
If you're really that paranoid about people "stealing" your software, though, just stick with a hosted model and don't give them access to the server. Plenty of successful businesses are based around that model.
You'll never be able to keep the source code from people who really want it. It's best to come to grips with this fact now, and save yourself the headache later.
May I speak frankly, as a friend? Unless your app is Really Amazing, you may not get many buyers. Why waste the time on lawyers, obfuscation, licensing and whatnot? You stand to gain a better reputation by open-sourcing your code...and maintaining it.
Django comes from the open-source end of the spectrum from licensing (and obfuscating). Granted, the MIT license is more common than the GPL; still they are both very far removed from anything like Microsoft's EULA. A lot of Djangophiles will balk at closed source code, simply because that's what Microsoft does.
Also, people will trust your code more, since they will be able to read it and verify that it contains no malicious code. Remember, "obfuscating" means "hiding;" and who will really know exactly what you've hidden?
Granted, there's no easy way to monetize open-sourced code. But you could offer your services or even post a campaign on Pledgie.com, for those who are thankful for all your great work.
One thing you might want to consider is what FogBugz does. Simply include a small binary (perhaps a C program) that is compiled for the target platforms and contains the code to validate the license.
This way you can keep the honest people honest with minimal headache on your part.