Protecting Python Scripts

I’m not sure if this is the correct forum to post this… If not, please tell me where to go (i.e. direct me to the correct forum :wink: )

I’ve written some Python scripts for a ConnectPort X. I want end users to be able to log into the ConnectPort to do basic troubleshooting (e.g. see what ZigBee nodes are connecting) and do configuration via some custom webpages using the Python in HTML module.

The problem is that, as far as I can tell, the ConnectPort X security is based on a single user with all permissions. So if I let the users log in, they will be able to view and download our entire Python application. The company I work for is concerned about protecting their business and intellectual property.

Do you know if it is possible to provide limited access to the ConnectPort? Or are there other possible solutions?

This is something that does not have a perfect solution just yet. The initial vision was that people would write their apps and pre-configure the device so that access to the administration of the device would not be necessary for the ultimate end user.

As in your case however, that’s not possible everywhere. You’re currently right that the user is enabled globally and you cannot partially provide permissions. We are at present examining options that will enable us to provide better granularity of protecting access in the ConnectPort systems.

However, at this time, as far as what we are providing, the only thing I can say is that we are looking at addressing this. In the meantime, the only suggestion that I can provide is that if the configuration you wish to expose is a reasonably small subset of that provided by the system, you could provide and manage it through a configuration interface provided by the Python application. This would enable you to close off access to our pages.
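A sketch of the application-side configuration interface suggested above, as an added example that is not from this thread or from Digi: the application exposes an allow-listed subset of settings behind its own operator token and never serves anything else. The setting names, the token and the `view`/`update` functions are hypothetical, the code is written for Python 3, and wiring it to the device's web server is left out.

```python
import hmac
import re

# Constructed sample settings; the names are hypothetical.
SETTINGS = {
    "pan_id": "0x1a2b",
    "report_interval_s": "60",
    "cloud_api_key": "constructed-secret",  # internal, never exposed
}

# Only these keys are visible or editable, each with a strict validator.
EXPOSED = {
    "pan_id": re.compile(r"0x[0-9a-fA-F]{1,4}\Z"),
    "report_interval_s": re.compile(r"[1-9][0-9]{0,3}\Z"),
}

OPERATOR_TOKEN = "constructed-operator-token"  # provision per device in practice


def authorized(token):
    # Constant-time comparison avoids leaking the token through timing.
    return isinstance(token, str) and hmac.compare_digest(
        token.encode(), OPERATOR_TOKEN.encode())


def exposed_view():
    return dict((key, SETTINGS[key]) for key in EXPOSED)


def view(token):
    """Return only the exposed subset; nothing else leaves the application."""
    if not authorized(token):
        return 403, {}
    return 200, exposed_view()


def update(token, changes):
    """All-or-nothing update: one unknown key or bad value rejects the request."""
    if not authorized(token):
        return 403, {}
    errors = {}
    for key, value in changes.items():
        pattern = EXPOSED.get(key)
        if pattern is None:
            errors[key] = "not configurable"
        elif not isinstance(value, str) or not pattern.match(value):
            errors[key] = "invalid value"
    if errors:
        return 400, errors
    SETTINGS.update(changes)
    return 200, exposed_view()
```

Because requests name settings rather than files, the end user never needs the device's administrative login, which is what would otherwise let them download the scripts.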

The Transport series of routers (WR41 & WR44) allow you to create a Python file that cannot be read or copied from the unit; you can only overwrite, delete or run the script. To use this facility you FTP the file on but start its name ‘privxxxxx.py’.

Hope this helps.

Thanks Matt - very smart of the transport team.

I’ve begged for such a simple solution on the X4/NDS boxes for over a year … but some folks think “a perfect design so complex we never have time to complete or release” is better than a simple workable solution yesterday. :frowning: