osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How to achieve pyc only deployment for module in python3.6


On 2018-10-02 00:41, Chris Angelico wrote:
> On Tue, Oct 2, 2018 at 12:01 PM Chandana Pattanayak
> <chandana.pattanayak at patterneffectslabs.com> wrote:

>> I have a requirement to provide basic code protection for a module in our
>> product suite. With python 3.6 the .pyc files are created under pycache ,
>> so if i remove the py file the module is not found anymore.
> 
> If you want code protection, the ONLY reliable way to do it is to not
> provide the code *at all*, in any form. That generally means hosting
> your application on some sort of server and granting access that way
> (eg through a web browser interface). Shipping only .pyc files does
> not protect your code - it merely obscures it a little.

I can support that.

Before retiring, I worked for a vendor of SCADA/EMS for large
electric utilities. Since our systems were responsible for
operating their critical infrastructure, NERC CIP[1] standards
required them to only obtain systems that underwent regular
security audits.

We sent one of our systems to the NSTB[2] for such an audit.
It included only executables, no source code. Yet, when the
NSTB sent us their report, they were able to say things like
"Lines x-y of zzzz.c have the following vulnerability."

Those guys were (are) *sharp*.


[1] <https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx>
[2]
<https://www.energy.gov/oe/technology-development/energy-delivery-systems-cybersecurity/national-scada-test-bed>

-- 
Michael F. Stemper
Outside of a dog, a book is man's best friend.
Inside of a dog, it's too dark to read.