Python Forum

Full Version: Hide source code from python process itself
If someone manages to hack my web application and/or the python interpreter itself, is it possible to prevent the python process from extracting its own source code?

On the OS level, I could change the file permissions after the python interpreter had read the source, so that the process couldn't read them again if it later became compromised. Or maybe to achieve the same effect I could never give the process permission to access the source and use a separate non-python process to do a one-time stream of the code on loading.

However, with modules like "inspect" I'm not sure this would be worthwhile. Would deleting the files on my system for the "inspect" module be effective? Or could the process just read its own memory to find out what the source is?

Thank you
I think deleting the files after the modules have been imported would be effective to prevent inspect from working, but the process stores its code objects in memory, in a binary form that can be decompiled. It means that although the code itself cannot be retrieved, a smart attacker may be able to reconstruct the code's logic. Look for python decompilers on the web to understand this issue.
Wow, I just tried a pyc decompiler on a simple script and it worked very, very well. Almost got original source code back. Variable names and everything. And that same information is held in the python process, so if they dump the memory, with a little work, they could do the same thing?

Anything that can be done about this? Maybe like a filter on nginx to only let out a response if it matches a predefined format (no code, no binary, only certain chars)?
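An added example, not part of the original posts, illustrating the answer and the follow-up above: after the source file is deleted, `inspect.getsource` fails, but the loaded code object still carries the function name, local variable names, constants and bytecode. The module name `sample_mod`, the function `check_token` and its constant are constructed for the illustration.

```python
import dis
import importlib.util
import inspect
import linecache
import os
import tempfile

# Constructed sample module; names and the constant are hypothetical.
SAMPLE_SOURCE = '''
def check_token(token):
    expected = "constructed-sample-value"
    return token == expected
'''

def load_then_delete(source=SAMPLE_SOURCE):
    """Import a module from a temp file, then remove the file from disk."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample_mod.py")
        with open(path, "w") as fh:
            fh.write(source)
        spec = importlib.util.spec_from_file_location("sample_mod", path)
        module = importlib.util.module_from_spec(spec)
        spec.loader.exec_module(module)
    # The directory (source and any cached .pyc) is gone at this point.
    linecache.clearcache()  # drop any source lines cached in memory
    return module

def source_recoverable(func):
    """True if inspect can still return the function's source text."""
    try:
        inspect.getsource(func)
        return True
    except (OSError, TypeError):
        return False

def in_memory_metadata(func):
    """What the live code object keeps regardless of the files on disk."""
    code = func.__code__
    return {
        "name": code.co_name,
        "locals": code.co_varnames,
        "consts": code.co_consts,
        "opnames": [ins.opname for ins in dis.get_instructions(code)],
    }

if __name__ == "__main__":
    mod = load_then_delete()
    print("source recoverable:", source_recoverable(mod.check_token))
    print(in_memory_metadata(mod.check_token))
```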