0
  1. Python is an interpreted language. So, when we submit the code to end users, will they get the source code or the executable one?
  2. If a user gets the source code of the application, it may be tampered with. So how is safety measured in Python applications?
PM 2Ring
  • 54,345
  • 6
  • 82
  • 182
SamCodes
  • 384
  • 4
  • 17
  • 2
    It depends on how you package the application (there's a few different ways to freeze the code into an executable for instance). Even then, it's in theory possible to reverse the byte compiled version of your Python code. Python wasn't designed to be secure, period. However, the topic is interesting. – Torxed Jun 27 '16 at 13:23
  • tl;dr: Is python code safe? **no**. – Torxed Jun 27 '16 at 13:25
  • As @Torxed said It depends on your environment, are you sending just .py files to the users? or pyc bytecode, or are you using something like cython or jython to work with c/c++ or the jvm, I'm a bit unsure what you mean by measure of security though – scrineym Jun 27 '16 at 13:29
  • 2
    A sufficiently determined adversary can modify any executable generated by any language. So is _any_ code being executed on the end user's machine safe? **no**. – Kevin Jun 27 '16 at 13:30
  • @scrineym : I'm asking about an application or tool developed in python. So how should we deploy it securely? – SamCodes Jun 27 '16 at 13:37
  • Also see http://programmers.stackexchange.com/questions/66616/how-can-i-prevent-a-client-from-seeing-my-code-written-in-an-interpreted-languag – PM 2Ring Jun 27 '16 at 13:37
  • Are you concerned about someone copying your application and selling it as their own? Or are you worried that someone at the user's company will modify the code (either due to incompetence or malice) and break it? – PM 2Ring Jun 27 '16 at 13:44
  • @user5259019 - *"So how should we deploy it securely?"* - You can't. If the user controls the platform, you cannot prevent reverse engineering by technological means. If you are that worried / risk-averse, then you need to run the code on your platform ONLY. – Stephen C Jun 27 '16 at 13:45
  • @PM2Ring : None of them. For knowledge purpose and for future reference I'm asking these. – SamCodes Jun 27 '16 at 16:22

2 Answers2

2

The end user would get the the source code unless you compile your python into bytecode and send that to the user.

For example :

python -O -m py_compile file1.py file2.py file3.py

However as with any bytecode it can be decompiled to a form similar to the source.

Jonathan Eustace
  • 2,469
  • 12
  • 31
  • 54
1

You can distribute the script, you can distribute packages (that can be installed with tools like pip install), you can distribute executable files that user can simply launch.

If your end user is not a tech-savy person (so no console commands and no source code shenanigans), you can distribute executables and hope that user's machine is not tampered with. Sure, you can make sure that executable is the same you are distributing but that serves little purpose if user's machine is compromised.

Daerdemandt
  • 2,281
  • 18
  • 19