python和保护磁盘上的pyc文件
[英]python and securing pyc files on disk
问题描述
I set django's settings.py file to chmod 600 to keep felonious folks from spying my database connection info, but on import python compiles this file and writes out settings.pyc as mode 644. It doesn't take much sleuthing for the bad guys to get the info they need from this compiled version. 
我将django的settings.py文件设置为chmod 600,以防止重罪分子监视我的数据库连接信息,但是在导入python时,编译该文件并写出settings.pyc作为模式644。从此编译版本中获取所需的信息。 I fear my blog entries are in grave danger. 我担心我的博客文章处于严重危险中。
Beyond the obvious os.chmod, what techniques folks use to keep your compiled python secure on disk? 除了显而易见的os.chmod之外,人们还使用哪些技术来确保已编译的python在磁盘上的安全?
2 个解决方案
解决方案1
6 已采纳 2009-11-28 23:20:38
You can set the umask directly in python. 您可以直接在python中设置umask。 The interpreter uses this umask to create the pyc files: 解释器使用此umask创建pyc文件:
import os
os.umask(077) # Only keep rights for owner
import test
Verify the test.pyc created: 验证创建的test.pyc:
$> ls -l test.py*
-rw-r--r-- 1 shad users 0 2009-11-29 00:15 test.py
-rw------- 1 shad users 94 2009-11-29 00:15 test.pyc
解决方案2
1 2009-11-28 23:17:30
To add a little bit to S.Lott's comment: The code portion of your blog should be stored in a location where it can be executed (eg via a web request), but not read directly. 在S.Lott的评论中添加一些内容:博客的代码部分应存储在可以执行(例如通过Web请求)但不能直接读取的位置。 Any reasonable web server providing CGI support will allow this to be set up. 任何提供CGI支持的合理Web服务器都将允许对此进行设置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.