堆栈内存溢出
  简体   繁体   English

在使用 uWSGI 运行 Flask 应用程序时,如何保护我的源代码?

[英]How can I protect my source code when running a Flask application with uWSGI?

 原文  2020-10-30 11:45:48       python/ flask/ pyinstaller/ uwsgi

问题描述

I have a Flask application application that I run with uWSGI.我有一个使用 uWSGI 运行的 Flask 应用程序。 My clients have access to the server where the app runs.我的客户可以访问应用程序运行所在的服务器。

How can I protect or hide my source code?如何保护或隐藏我的源代码?

Edit: I found that you can embed an app in uWSGI by building it from source , but that seems far fetched.编辑:我发现您可以通过从源代码构建来将应用程序嵌入到 uWSGI 中,但这似乎有些牵强。

1 个解决方案

解决方案1
 1 已采纳  2020-10-30 13:45:33

True - if someone wants it badly enough, the only way to truly secure your algorithms is not to hand them out.是的 - 如果有人非常想要它,那么真正保护您的算法的唯一方法就是不要将它们分发出去。 But, reality is that code is hard to understand anyway.但是,现实是代码无论如何都难以理解。 Often, just not documenting code is enough to discourage.通常,仅仅不记录代码就足以令人气馁。 There are some techniques, however, and your effort varies with how secure they are.但是,有一些技术,您的努力因它们的安全性而异。 Some approaches that come to mind are.想到的一些方法是。

  • Compile to bytecode: I've seen it done in the wild, there was company that made a Python email client for Linux / Outlook.编译为字节码:我见过它在野外完成,有一家公司为 Linux / Outlook 制作了 Python 电子邮件客户端。 I recall that it was obfuscated through a compiled distribution.我记得它是通过编译的发行版混淆的。 You'd have to research the proper tool.你必须研究合适的工具。

  • Obfuscate at a per-script level: Check out the pyminifier tool.在每个脚本级别进行混淆:查看pyminifier工具。 It can make your scripts pretty near impossible to read (but it can be reversed with reasonable effort)它可以让你的脚本几乎无法阅读(但它可以通过合理的努力逆转)

  • Use an advanced obfuscator: Look at pyarmor .使用高级混淆器:看看pyarmor It is a lot more complex and will be harder to implement -- but it looks like it would get the job done.它要复杂得多,而且更难实施——但看起来它可以完成工作。

  • Open source it.开源它。 Seems counter intuitive -- but algorithms are rarely the most valuable aspect of code.似乎违反直觉——但算法很少是代码最有价值的方面。 Having the skill, time, resources to understand and maintain it is.拥有理解和维护它的技能、时间和资源。 It is very likely that it doesn't matter if anyone sees your code.很可能有人看到你的代码并不重要。 If you are giving a good service to your customer, they generally have much better things to do than to take on your code base.如果您为客户提供良好的服务,他们通常有比承担您的代码库更好的事情要做。 There are plenty of enterprise companies making a living from open source software (eg. Startburst, 2nd Quadrant.)有很多企业公司以开源软件为生(例如 Startburst,第二象限)。

(Example code obfuscated using pyminifier) (使用 pyminifier 混淆的示例代码)

import argparse
𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𐤡=range
𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ枇=int
𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𧌾=print
𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆﶾ=argparse.ArgumentParser
import sys
𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𑆉=sys.argv
𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𞤌=sys.stdout
import logging
𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ닸=logging.basicConfig
𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𧄱=logging.DEBUG
𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ柚=logging.INFO
𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ䔎=logging.getLogger
from demo import __version__
__author__="Steve Jackson"
__copyright__="Steve Jackson"
__license__="mit"
𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𐪕=𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ䔎(__name__)
def 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𡈲(n):
 assert n>0
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ関,𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𒂻=1,1
 for i in 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𐤡(n-1):
  𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ関,𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𒂻=𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𒂻,𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ関+𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𒂻
 return 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ関
def 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𐲍(𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𡐮):
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆݻ=𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆﶾ(description="Just a Fibonacci demonstration")
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆݻ.add_argument("--version",action="version",version="demo-day {ver}".format(ver=__version__))
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆݻ.add_argument(dest="n",help="n-th Fibonacci number",type=𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ枇,metavar="INT")
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆݻ.add_argument("-v","--verbose",dest="loglevel",help="set loglevel to INFO",action="store_const",const=𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ柚)
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆݻ.add_argument("-vv","--very-verbose",dest="loglevel",help="set loglevel to DEBUG",action="store_const",const=𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𧄱)
 return 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆݻ.𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𐲍(𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𡐮)
def 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𐮑(loglevel):
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𗰆="[%(asctime)s] %(levelname)s:%(name)s:%(message)s"
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ닸(level=loglevel,stream=𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𞤌,format=𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𗰆,datefmt="%Y-%m-%d %H:%M:%S")
def 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆﯜ(𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𡐮):
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𡐮=𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𐲍(𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𡐮)
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𐮑(𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𡐮.loglevel)
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𐪕.debug("Starting crazy calculations...")
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𧌾("The {}-th Fibonacci number is {}".format(𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𡐮.n,𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𡈲(𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𡐮.n)))
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𐪕.info("Script ends here")
def 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆܪ():
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆﯜ(𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆ𑆉[1:])
if __name__=="__main__":
 𒉁ۻ𨠬𧑔ﲮᆖ𪿺𖢞ﻆܪ()
# Created by pyminifier (https://github.com/liftoff/pyminifier)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用uWSGI运行应用程序时需要Flask吗? - Is Flask required when running an application with uWSGI? 如何在 uwsgi 后面运行的烧瓶上启用保持活动状态? - How can I enable keep-alive on flask running behind uwsgi? 如何更新在ubuntu上通过uWSGI和Nginx部署的flask API代码? - How do I update my flask API code deployed over uWSGI and Nginx on ubuntu? 如何诊断 Python Flask 应用程序中仅在应用程序与 uWSGI 一起运行时出现的问题? - How do I diagnose problems in a Python Flask application that only occur when app is run with uWSGI? 在使用uWSGI进行部署时,如何使用getpass向Flask应用程序提供输入? - How can I give input with getpass to a Flask app when deploying with uWSGI? 如何在Flask应用程序中让Python函数停止运行? - How can I get my Python function in Flask application to stop running? 如何保护 Python 源代码,同时使文件可供运行? - How to protect Python source code, while making the file available for running? 如何在不重新启动uwsgi实例的情况下更新Flask模板? - How can i update flask templates without restarting the uwsgi instance? 使用flask + uwsgi + nginx将flask部署到服务器时,多进程无法在flask中工作 - Multiprocess can not work in flask when I deploy flask to server by using flask + uwsgi + nginx 在测试我的 flask 应用程序时,如何修复我的 unittest 405?= 200 错误? - How can I fix my unittest 405 != 200 error when testing my flask application?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM