Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Python. Is it massively open to hacking?

Posted on 2014-01-16
Medium Priority
Last Modified: 2014-03-06
I am interested again in making an RTS, this time in Python.

How secure is Python? Maybe I don't know enough, but since it is interpreted, I'm concerned that my .py code can be simply copied from memory and hijacked by people? What security does Python guarantee in its interpreter?

Also, I have done competitive RTS since '97 and cheating is endemic in gaming. What might you suspect about the ease of a map hack, for example, into my code?

If my players can only play the game from my .py file location, can they do anything to, with it?
Is it thoroughly invulnerable? Hope so!
I was told my Java RTS was hackable
Question by:beavoid
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
LVL 23

Assisted Solution

by:Patrick Bogers
Patrick Bogers earned 668 total points
ID: 39786489

Python is very difficult to lock down and the byte-codes are well understood.
So if you are concerned for code-stealing i would suggest a better to protect language.

Author Comment

ID: 39786579
But, it is such a pity, because it is the emerging killer app of languages. Are you implying it can be locked down?

Well, let me compare. I previously did this project in Java. Could hijackers just as easily have hijacked my byte code, anyway?
Is Python completely universal now, also?

LVL 23

Expert Comment

by:Patrick Bogers
ID: 39786611
Hi again,

There are some pretty good decompilers for Java so yes, chances are there.
Python is becoming more and more universal now yes. Remember Python is open source and from this thinking not made for obfuscating.

Not a expert on this field but i have been reading about Cython which combines the power of Python and the programmabillity for C++, try it..
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 17

Assisted Solution

gelonida earned 1332 total points
ID: 39787118
Python is probably even easier to hack than Java, as normally even more symbols are accessible in a non obfuscated way by introspection.

On the other hand. There's very good decompilers and annotators for C / C++ as well.
So a really motivated person will be able to hack any code independent of the language.

I think the only way to make a game safe is, that the game depends on some magic code running on a server.

To make it a little more difficult (this will not stop any serious hacker) you could use tools like pyobfuscate (though it works only on a per file basis and does not obfuscate interfaces), use py2exe or cxfreeze,

Author Comment

ID: 39787211
Other questions I have asked on this have resulted in me holding the game state entirely on the server, and sending clients only their valid vision. This way hacking memory results in nothing, as only visible data is available. This should make my concerns null. As long as gameplay is tolerable, I'll be fine?
LVL 17

Accepted Solution

gelonida earned 1332 total points
ID: 39787971
Yeah I think  revealing the minimum information for each client is probably the best way to reduce cheating.

Tricky part is to balance server speed and game fluidity with cheat robustness.

What's perhaps as important than cheat avoidance is. cheat detection / detection of atypical 'players' and banning them as soon as they fall into some setup 'traps'.

Author Comment

ID: 39799046
Hacking my game code might be pointless, because I think I'll make the client game-screen-terminal-endpoint instantiate from a locked position in my folder / code, on my game server. So, hacking the code on the client side would be pointless if it instantiates every time only from an inaccessible class I specify. At any rate, my game is going to be played entirely on the server and clients will receive only vision related to their valid position, so hacking attempts of any kind would be futile, and amusing.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Q&A with Course Creator, Mark Lassoff, on the importance of HTML5 in the career of a modern-day developer.
The SignAloud Glove is capable of translating American Sign Language signs into text and audio.
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question