
Should I deploy only the .pyc files on server if I worry about code security?

I want to deploy a Django application to a cloud computing environment, but I am worried about source code security. Can I deploy only the compiled .pyc files there? According to the official Python docs, .pyc files are 'moderately hard to reverse engineer'.

What are the pros and cons of taking this approach? Is this a standard practice?

I am not using AWS; let me just say that I am in a country where cloud computing cannot be trusted at all...

NeoWang asked Mar 19 '14 03:03



1 Answer

Deploying .pyc files will not always work. If using Apache/mod_wsgi for example, at least the WSGI script file still needs to be straight Python code.

Some web frameworks also may require the original source code files to be available. Using .pyc files also does little to obscure any sensitive information that may be in templates used by a web framework.

In general, using .pyc files is a very weak defence and tools are available to reverse engineer them to extract information from them.

So technically your application may run, but it would not be regarded as a very secure way of protecting your source code.

You are better off using a hosting service you trust. This generally means paying for reputable hosting rather than just the cheapest one you can find.

Graham Dumpleton answered Sep 19 '22 09:09
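
What a .pyc still carries, shown as an added example that is not part of the original answer: it compiles a constructed module (the names `billing.py`, `charge_customer` and the key value are made up), deletes the source, and lists the string constants and identifiers still readable from the bytecode using only the standard library. It assumes CPython 3.7 or later, where the .pyc header is 16 bytes.

```python
import marshal
import os
import py_compile
import tempfile
import types

# Constructed sample module: the names and the key value are made up.
SAMPLE_SOURCE = '''
API_KEY = "sk-constructed-example-0000"

def charge_customer(account_id, amount):
    return {"account": account_id, "amount": amount, "key": API_KEY}
'''

def load_code(pyc_path):
    """Return the top-level code object stored in a .pyc file."""
    with open(pyc_path, "rb") as fh:
        fh.read(16)  # header: magic, flags, mtime/hash, source size (3.7+)
        return marshal.load(fh)

def recoverable(code):
    """Walk nested code objects; collect string constants and identifiers."""
    strings, names = set(), set()
    stack = [code]
    while stack:
        co = stack.pop()
        names.add(co.co_name)
        names.update(co.co_names)
        names.update(co.co_varnames)
        for const in co.co_consts:
            if isinstance(const, types.CodeType):
                stack.append(const)  # function and class bodies nest here
            elif isinstance(const, str):
                strings.add(const)
    return strings, names

def audit_sample():
    """Compile SAMPLE_SOURCE to a .pyc, delete the .py, inspect what remains."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "billing.py")
        pyc = os.path.join(tmp, "billing.pyc")
        with open(src, "w") as fh:
            fh.write(SAMPLE_SOURCE)
        py_compile.compile(src, cfile=pyc, doraise=True)
        os.remove(src)  # only the bytecode is left, as in a .pyc-only deploy
        return recoverable(load_code(pyc))

if __name__ == "__main__":
    print(audit_sample())
```

Pointing `load_code` and `recoverable` at the .pyc files of a real build gives a quick inventory of the literals and names that would ship with it, which is a useful check for hard-coded credentials before deployment.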