Reputation: 1565
python and securing pyc files on disk
I set django's settings.py file to chmod 600 to keep felonious folks from spying my database connection info, but on import python compiles this file and writes out settings.pyc as mode 644. It doesn't take much sleuthing for the bad guys to get the info they need from this compiled version. I fear my blog entries are in grave danger.
Beyond the obvious os.chmod, what techniques folks use to keep your compiled python secure on disk?
Upvotes: 1
Views: 1428
Answers (2)
Reputation: 871
You can set the umask directly in python. The interpreter uses this umask to create the pyc files:
import os
os.umask(077) # Only keep rights for owner
import test
Verify the test.pyc created:
$> ls -l test.py*
-rw-r--r-- 1 shad users 0 2009-11-29 00:15 test.py
-rw------- 1 shad users 94 2009-11-29 00:15 test.pyc
Upvotes: 6
Reputation: 9039
To add a little bit to S.Lott's comment: The code portion of your blog should be stored in a location where it can be executed (e.g. via a web request), but not read directly. Any reasonable web server providing CGI support will allow this to be set up.
Upvotes: 1
Related Questions
- How to avoid .pyc files?
- Best way to protect file python?
- Protect python files from being changed
- Keeping Python Code Private On Controlled Linux Server
- How can I go about securely executing a subset of python?
- How to run a python file from another securely?
- How to protect Python source code?
- Use .py or .pyc file when sharing/backing up?
- What are the limitations of distributing .pyc files?
- Limiting python file IO