Python. Is it massively open to hacking?

Posted on 2014-01-16
Last Modified: 2014-03-06
I am interested again in making an RTS, this time in Python.

How secure is Python? Maybe I don't know enough, but since it is interpreted, I'm concerned that my .py code can be simply copied from memory and hijacked by people? What security does Python guarantee in its interpreter?

Also, I have done competitive RTS since '97 and cheating is endemic in gaming. What might you suspect about the ease of a map hack, for example, into my code?

If my players can only play the game from my .py file location, can they do anything to, with it?
Is it thoroughly invulnerable? Hope so!
I was told my Java RTS was hackable
Question by:beavoid
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
LVL 23

Assisted Solution

by:Patrick Bogers
Patrick Bogers earned 167 total points
ID: 39786489

Python is very difficult to lock down and the byte-codes are well understood.
So if you are concerned for code-stealing i would suggest a better to protect language.

Author Comment

ID: 39786579
But, it is such a pity, because it is the emerging killer app of languages. Are you implying it can be locked down?

Well, let me compare. I previously did this project in Java. Could hijackers just as easily have hijacked my byte code, anyway?
Is Python completely universal now, also?

LVL 23

Expert Comment

by:Patrick Bogers
ID: 39786611
Hi again,

There are some pretty good decompilers for Java so yes, chances are there.
Python is becoming more and more universal now yes. Remember Python is open source and from this thinking not made for obfuscating.

Not a expert on this field but i have been reading about Cython which combines the power of Python and the programmabillity for C++, try it..
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

LVL 17

Assisted Solution

gelonida earned 333 total points
ID: 39787118
Python is probably even easier to hack than Java, as normally even more symbols are accessible in a non obfuscated way by introspection.

On the other hand. There's very good decompilers and annotators for C / C++ as well.
So a really motivated person will be able to hack any code independent of the language.

I think the only way to make a game safe is, that the game depends on some magic code running on a server.

To make it a little more difficult (this will not stop any serious hacker) you could use tools like pyobfuscate (though it works only on a per file basis and does not obfuscate interfaces), use py2exe or cxfreeze,

Author Comment

ID: 39787211
Other questions I have asked on this have resulted in me holding the game state entirely on the server, and sending clients only their valid vision. This way hacking memory results in nothing, as only visible data is available. This should make my concerns null. As long as gameplay is tolerable, I'll be fine?
LVL 17

Accepted Solution

gelonida earned 333 total points
ID: 39787971
Yeah I think  revealing the minimum information for each client is probably the best way to reduce cheating.

Tricky part is to balance server speed and game fluidity with cheat robustness.

What's perhaps as important than cheat avoidance is. cheat detection / detection of atypical 'players' and banning them as soon as they fall into some setup 'traps'.

Author Comment

ID: 39799046
Hacking my game code might be pointless, because I think I'll make the client game-screen-terminal-endpoint instantiate from a locked position in my folder / code, on my game server. So, hacking the code on the client side would be pointless if it instantiates every time only from an inaccessible class I specify. At any rate, my game is going to be played entirely on the server and clients will receive only vision related to their valid position, so hacking attempts of any kind would be futile, and amusing.

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn different types of Android Layout and some basics of an Android App.
Part One of the two-part Q&A series with MalwareTech.
The viewer will learn how to implement Singleton Design Pattern in Java.
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question