[Python-Dev] Support for Encrypted Zip as python scripts (original) (raw)
Shashank Singh shashank.sunny.singh at gmail.com
Mon Aug 24 04:40:02 CEST 2009
- Previous message: [Python-Dev] Support for Encrypted Zip as python scripts
- Next message: [Python-Dev] Support for Encrypted Zip as python scripts
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
oops..sorry for the empty mail :P
On Mon, Aug 24, 2009 at 8:09 AM, Shashank Singh < shashank.sunny.singh at gmail.com> wrote:
On Mon, Aug 24, 2009 at 7:39 AM, Nick Coghlan <ncoghlan at gmail.com> wrote: Guido van Rossum wrote: > Anyway it looks like if someone wants to try this, only the code in > runpy.py needs to be touched.
The necessary work would actually be in zipimport. runpy doesn't know anything about the details of where the module code comes from, it just asks the relevant importer for the details. For zipfile and directory execution, they get added to the start of sys.path and then runpy is invoked to look for the module "main". From that point on most of the heavy lifting is handled by the regular import machinery (aside from using the pkgutil emulation for the basic import behaviour that isn't fully exposed by the imp module).
That is where I see the problem in creating a natural approach. Correct me if I am wrong here but since runpy doesn't know anything about the script being a zip file to add such a support we will have to break the current delegation mechanism and bring runpy in the loop too.
Also, since a zip file is automatically checked for (I believe there are no switches to specify that the script is a zip) will it not be a two trip mechanism: You naively try a to run a zip; get an error (say ERR_ZIP_ENCRYPTED) and then ask for password?
I added a -1 to the tracker issue as well. That's due both to my opinion on the inherent idiocy of DRM though (since shared secrets don't provide any security when the attacker in your threat model is one of the people you are sharing the secret with) and to the fact that associating passwords with the relevant zipfile entries on sys.path would get messy fairly quickly. Cheers. Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia ---------------------------------------------------------------
Python-Dev mailing list Python-Dev at python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/shashank.sunny.singh%40gmail.com
-- Regards Shashank Singh Senior Undergraduate, Department of Computer Science and Engineering Indian Institute of Technology Bombay shashank.sunny.singh at gmail.com http://www.cse.iitb.ac.in/~shashanksingh<http://www.cse.iitb.ac.in/%7Eshashanksingh>
-- Regards Shashank Singh Senior Undergraduate, Department of Computer Science and Engineering Indian Institute of Technology Bombay shashank.sunny.singh at gmail.com http://www.cse.iitb.ac.in/~shashanksingh -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20090824/ec5eb1bf/attachment-0001.htm>
- Previous message: [Python-Dev] Support for Encrypted Zip as python scripts
- Next message: [Python-Dev] Support for Encrypted Zip as python scripts
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]