Question

I want to deploy a Django application to a cloud computing environment, but I am worried about source code security. Can I deploy only the compiled .pyc files there? According to the official Python doc, pyc files are 'moderately hard to reverse engineer'.

What are the pros and cons of taking this approach? Is this a standard practice?

I am not using AWS, let me just say that I am in a country where cloud computing cannot be trusted at all...

Solution

Deploying .pyc files will not always work. If using Apache/mod_wsgi for example, at least the WSGI script file still needs to be straight Python code.

Some web frameworks also may require the original source code files to be available. Using .pyc files also does little to obscure any sensitive information that may be in templates used by a web framework.

In general, using .pyc files is a very weak defence and tools are available to reverse engineer them to extract information from them.

So technically your application may run, but it would not be regarded as a very secure way of protecting your source code.

You are better off using a hosting service you trust. This generally means paying for reputable hosting rather than just the cheapest one you can find.

OTHER TIPS

Apparently you can. Check out this question and this blog post.

One thing I'd consider though... Why would you move to a cloud provider if you do not trust it 100%? Uploading only pyc files might protect your code (a bit), but what about protecting your users? If you don't trust a provider you might be better off not using cloud computing.

Yes, just deploying the compiled files is fine. Another point to consider is the other aspects of your application. One aspect could be whether current bugs let malicious users know what technology stack you are using, or the type of error messages displayed when (if) your application crashes. To me, these seem like some of the other aspects; I'm sure there are more.

Generally, deploying PYC files will work fine.

The pros: as you said, it is a bit helpful for protecting source code.

Cons, here are the points I found:

1). PYC only works with the same Python version. E.g., if "a.pyc" was compiled by Python 2.6 and "b.pyc" by 2.7, and b.pyc does "import a", it won't work. Similarly, "python2.6 b.pyc" won't work either. So remember to use the same Python version to generate all PYC files, and the same version on your cloud server.

2). If you want to SSH to the cloud server for some live debugging, PYC cannot help you.

3). The deployment work requires extra things to do.
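
As an added example (not part of the original answers), here is a pre-deployment check using only the standard library that illustrates two points made above: a .pyc built for a different interpreter version does not match, and string constants and names survive compilation in readable form. It assumes CPython 3.7+ (16-byte .pyc header); `audit_pyc`, `demo` and the sample module contents are hypothetical and constructed for illustration.

```python
import importlib.util
import marshal
import py_compile
import tempfile
import types
from pathlib import Path

HEADER_LEN = 16  # assumption: CPython 3.7+ layout (magic, flags, mtime+size or hash)


def audit_pyc(path):
    """Return (magic_matches_interpreter, sorted names and string constants)."""
    data = Path(path).read_bytes()
    if data[:4] != importlib.util.MAGIC_NUMBER:
        # Built by another Python version: the import system would reject it,
        # and the marshal format may differ, so do not try to parse it.
        return False, []
    # marshal is not safe on untrusted input; run this only on your own build output.
    stack = [marshal.loads(data[HEADER_LEN:])]
    found = set()
    while stack:
        co = stack.pop()
        found.update(co.co_names)
        for const in co.co_consts:
            if isinstance(const, types.CodeType):
                stack.append(const)  # nested functions and classes
            elif isinstance(const, str):
                found.add(const)
    return True, sorted(found)


def demo():
    # Constructed sample module; both values are made-up placeholders.
    src = ('SECRET_KEY = "constructed-placeholder-key"\n\n'
           'def connect():\n    return "db.internal.example"\n')
    with tempfile.TemporaryDirectory() as tmp:
        py = Path(tmp, "settings.py")
        py.write_text(src)
        pyc = py_compile.compile(str(py), cfile=str(Path(tmp, "settings.pyc")), doraise=True)
        ok, strings = audit_pyc(pyc)
        # Simulate a file compiled by a different interpreter version.
        stale = Path(tmp, "stale.pyc")
        stale.write_bytes(b"\x00\x00\r\n" + Path(pyc).read_bytes()[4:])
        stale_ok, _ = audit_pyc(stale)
    return ok, strings, stale_ok


if __name__ == "__main__":
    print(demo())
```

Anything this check lists for a real build (settings values, hostnames, SQL strings) is readable by whoever holds the .pyc, so secrets belong outside the deployed code regardless of whether source files are shipped.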

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow