Protecting Python Applications

The following methods exist to protect Python applications using Sentinel LDK on a Windows or Linux machine:

1.Script Envelope

Script Envelope is an advanced command-line tool for applying Sentinel LDK Envelope protection to Python applications.

NOTE    Due to its built-in automation, Script Envelope is the simplest and preferred method for applying Sentinel Envelope protection to your applications.

2.Cython Followed by Sentinel LDK Envelope

This method protects Python applications by combining Cython (https://cython.org/) with Sentinel LDK Envelope. This works by first translating your sensitive Python modules into native modules (PYD/SO files) which are then protected using Sentinel Envelope.

This method provides a higher level of security because the additional compilation step lowers the code’s abstraction level and enables Sentinel LDK Envelope to protect the application as code and not just as data. This results in more sophisticated protection measures. However, this method is slightly more complicated to set up, as it requires Cython and a working C compiler.

NOTE   This method cannot protect an application's start script, only its Python modules. Therefore, Thales recommends that you place your application's actual entry point inside a Python module and only use the start script to call the module.

This section describes how to perform the process on a Windows machine. For information on protecting Python applications under Linux, see Sentinel LDK Envelope for Linux.

Related Topics

Protecting Python Applications Using Script Envelope

Protecting Python Applications With Cython