Once the system is broken into, one can safely assume that everything that is stored unencrypted, or everything in memory, is lost and the attacker has access to it. pyc files are decompiled back to py very easily.

2013/8/21 Aarni Koskela <[email protected]>

> A suitably advanced attacker can read the running Python bytecode from
> the system’s memory, anyway. To achieve the same level of security you can
> ship only *.pycs (as long as they’ve been compiled by the version of Python
> that’s also going to be running the system, of course).
>
> In the same vein (I’m still defending my image idea ;) ) you can ship an
> image encrypted with a one-time key, decrypt it into a tmpfs, mount the
> image, then unlink the file (seems to work: “/tmp/app.squashfs (deleted) on
> /app type squashfs (ro,noexec,nosuid,nodev,user=akx)”), leaving the app
> viable only for the duration of the mount.
>
> As for the auditing bit you mentioned earlier, you could use UNIX
> permissions to your benefit, allowing only the single designated user (i.e.
> the one running the uWSGI node) to read the files required.
>
> Also my gut feeling is that any approach in this might be open to timing
> attacks... and in the end, if someone else is root on the system your code
> will be deployed on, they can just inject a kernel module that intercepts
> reads of your app’s code.
>
> Just my 5 euro cents here :)
>
> Aarni
>
> *From:* [email protected] [mailto:[email protected]]
> *On Behalf Of* est
> *Sent:* Wednesday, August 21, 2013 12:09 PM
> *To:* uWSGI developers and users list
> *Subject:* Re: [uWSGI] offtopic: How difficult is it to build a
> sourcefile-less Django cluster in uWSGI?
>
> Another benefit: If your physical machine is somehow seized by an unwanted
> third party, once your server is powered off or restarted, your running
> instance of everything would be gone, and Intellectual Property would be
> safe.
>
> In this model we could establish reliable licensed service to Intranets
> and corporates. The service could be charged either by hour or by number
> of running instances. The Intranet only needs to load the latest version of
> a service from the Internet, and go LAN-only or whatever afterwards. You
> don't have to worry that your source code is leaked or modified without
> permission.
>
> I intend to build a system like this. Does anyone have any technical
> experience of how difficult and reliable this could be?
>
> Thank you guys!

_______________________________________________
uWSGI mailing list
[email protected]
http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
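
Added example, not part of the original thread: a way to audit what a pyc-only deployment still exposes, which is the point the reply makes about .pyc files. The sample module, its identifiers and the salt string are constructed for illustration, and the 16-byte header offset assumes CPython 3.7 or later.

```python
import marshal
import os
import py_compile
import tempfile
import types

# Constructed sample module standing in for "protected" application code.
SAMPLE_SOURCE = '''
LICENSE_SALT = "constructed-sample-salt"

def check_license(customer_id, key):
    """Return True when the key matches the customer."""
    expected = LICENSE_SALT + str(customer_id)
    return key == expected
'''

def build_pyc(source):
    """Compile source to real .pyc bytes, as shipped in a pyc-only deployment."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "licensing.py")
        out = os.path.join(tmp, "licensing.pyc")
        with open(src, "w") as fh:
            fh.write(source)
        py_compile.compile(src, cfile=out, doraise=True)
        with open(out, "rb") as fh:
            return fh.read()

def recover_from_pyc(data):
    """List what the bytecode keeps: function names, identifiers, string constants."""
    # Assumption: 16-byte header of CPython 3.7+ (magic, flags, mtime/hash, size).
    top = marshal.loads(data[16:])
    found = {"functions": [], "names": set(), "strings": set()}
    stack = [top]
    while stack:
        code = stack.pop()
        found["names"].update(code.co_names)
        found["names"].update(code.co_varnames)
        for const in code.co_consts:
            if isinstance(const, types.CodeType):
                found["functions"].append(const.co_name)
                stack.append(const)
            elif isinstance(const, str):
                found["strings"].add(const)
    return found

if __name__ == "__main__":
    report = recover_from_pyc(build_pyc(SAMPLE_SOURCE))
    for key in ("functions", "names", "strings"):
        print(key, sorted(report[key]))
```

Function names, argument and local names, and embedded string constants all survive compilation, so anything secret placed in the source is readable from the .pyc alone.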
