I set Django's settings.py file to chmod 600 to keep felonious folks from spying on my database connection info, but on import Python compiles this file and writes out settings.pyc as mode 644. It doesn't take much sleuthing for the bad guys to get the info they need from this compiled version. I fear my blog entries are in grave danger.

Beyond the obvious os.chmod, what techniques do folks use to keep their compiled Python secure on disk?

+1  A: 

To add a little bit to S.Lott's comment: The code portion of your blog should be stored in a location where it can be executed (e.g. via a web request), but not read directly. Any reasonable web server providing CGI support will allow this to be set up.

Managu
Yeah, it's more a case of ppl with shell access to the machine being able to peek at the .pyc files if they choose. I probably could have worded the question better. Thanks!
mtvee
@mtvee: Who are these mysterious "ppl with shell access"? Please define "ppl". Please provide a list of names. It's so hard to talk about security when it's just random hand-waving. Whose access do you need to control? Please provide a list to your sysadmins.
S.Lott
I don't know exactly who they are, that's the crazy thing, but I know they are in there, sniffing around, looking at my crontabs and sifting through the log files. Sometimes, late at night, when I do a quick `ps ax | grep python` I see one, but a flash, and when I look again they are gone. They are probably in your systems too. Vigilance, my friend, vigilance and chmod 600.
mtvee
@mtvee: If you have logs, then you have names. Fix that. If you don't have logs, then, perhaps you don't actually have a security incident. Securing your `.pyc` files is silly when confronted with wholesale compromise. Find another hosting service.
S.Lott
+4  A: 

You can set the umask directly in Python. The interpreter uses this umask when it creates the .pyc files:

import os
os.umask(0o077)  # Only keep rights for the owner (0o077 works on Python 2.6+ and 3; plain 077 is Python 2 only)
import test      # importing compiles test.py and writes test.pyc under the new umask

Verify the test.pyc that was created:

$> ls -l test.py*
-rw-r--r-- 1 shad users  0 2009-11-29 00:15 test.py
-rw------- 1 shad users 94 2009-11-29 00:15 test.pyc
shad
sweet. i did not know of this. just what i was looking for
mtvee
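As an added check (this is example code, not part of the answer above or of Django), the script below shows what the umask actually does to a freshly written bytecode file under a modern CPython 3, and adds the caveat a practitioner will want: Python 3 writes the bytecode to `__pycache__/<name>.cpython-XY.pyc`, and CPython copies the source file's permission bits (execute bits stripped, owner write added) before the umask is applied, so a 0600 settings.py already yields a 0600 .pyc, while the `__pycache__` directory itself is created with 0777 minus the umask only. The module name, the temp directory and the sample "secret" in the source are all constructed for the demonstration. Note also that the umask is process-wide, so setting it in settings.py tightens every file the interpreter creates afterwards (log files, uploads), which may or may not be what you want.

```python
import importlib
import importlib.util
import os
import shutil
import stat
import sys
import tempfile

# Constructed stand-in for settings.py; the value is made up for the demo.
SAMPLE_SOURCE = "DATABASE_PASSWORD = 'not-a-real-secret'\n"


def compile_under(umask, source_mode=0o644):
    """Write a throwaway module with permission bits `source_mode`, import it
    while `umask` is in force (which makes CPython write the .pyc), and
    return (pyc_mode, cache_dir_mode) as permission bits.

    Under CPython 3 the .pyc mode is (source_mode | 0o200) & 0o666 & ~umask
    and the __pycache__ directory mode is 0o777 & ~umask.
    """
    tmpdir = tempfile.mkdtemp(prefix="pyc-umask-demo-")
    name = "umask_demo_settings"          # hypothetical module name
    src = os.path.join(tmpdir, name + ".py")
    with open(src, "w") as f:
        f.write(SAMPLE_SOURCE)
    os.chmod(src, source_mode)

    old_umask = os.umask(umask)
    old_flag = sys.dont_write_bytecode
    # PYTHONDONTWRITEBYTECODE / python -B would suppress the write we want to observe.
    sys.dont_write_bytecode = False
    sys.path.insert(0, tmpdir)
    try:
        sys.modules.pop(name, None)
        importlib.invalidate_caches()
        importlib.import_module(name)     # compiles src and writes the .pyc
    finally:
        sys.path.remove(tmpdir)
        sys.modules.pop(name, None)
        sys.dont_write_bytecode = old_flag
        os.umask(old_umask)               # never leave a changed umask behind

    # Ask importlib where it put the bytecode instead of guessing the path.
    pyc = importlib.util.cache_from_source(src)
    cache_dir = os.path.dirname(pyc)
    pyc_mode = stat.S_IMODE(os.stat(pyc).st_mode)
    dir_mode = stat.S_IMODE(os.stat(cache_dir).st_mode)
    shutil.rmtree(tmpdir, ignore_errors=True)
    return pyc_mode, dir_mode


if __name__ == "__main__":
    for mask, mode in ((0o077, 0o644), (0o022, 0o644), (0o022, 0o600)):
        pyc_mode, dir_mode = compile_under(mask, mode)
        print("umask %04o source %04o -> pyc %04o, __pycache__ %04o"
              % (mask, mode, pyc_mode, dir_mode))
```

With the default umask of 022 and a 0644 source the bytecode comes out 0644, exactly what the question observed; with umask 077 it comes out 0600 and the cache directory 0700. The third case is the Python 3 difference: a 0600 source gives a 0600 .pyc even with umask 022, but the `__pycache__` directory is still 0755, so a directory listing still reveals that the module exists.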