11

I am about to decide on programming language for the project. The requirements are that some of customers want to run application on isolated servers without external internet access.

To do that I need to distribute application to them and cannot use SaaS approach running on, for example, my cloud (what I'd prefer to do...).

The problem is that if I decide to use Python for developing this, I would need to provide customer with easy readable code which is not really what I'd like to do (of course, I know about all that "do you really need to protect your source code" kind of questions but it's out of scope for now).

One of my colleagues told me about Docker. I can find dozen of answers about Docker container security. Problem is all that is about protecting (isolating) host from code running in container.

What I need is to know if the Python source code in the Docker Image and running in Docker Container is secured from access - can user in some way (doesn't need to be easy) access that Python code?

I know I can't protect everything, I know it is possible to decompile/crack everything. I just want to know the answer just to decide whether the way to access my code inside Docker is hard enough that I can take the risk.

jonrsharpe
  • 115,751
  • 26
  • 228
  • 437
Dragin
  • 432
  • 3
  • 11
  • 2
    *“can user in some way (doesn't need to be easy) access that Python code?”* Yes, and it’s easy, too. – Ry- Jul 27 '18 at 07:21
  • Would you care to at least share where you got this information from? – dennlinger Jul 27 '18 at 07:26
  • If you give users the code to run, they can inspect its logic and behavior fairly easily *regardless of the language*. Assume that any source code or compiled binaries you distribute are compromised. – dimo414 Jul 27 '18 at 07:54
  • Of course but sometimes to "decompile" or get access to logic in some other way is not worth the effort and that is what I'd like to estimate. Other thing - I'd like to know why question is downvoted, is it not following some SO rules? I checked help center and just can't find the reason. – Dragin Jul 27 '18 at 07:58

4 Answers4

8

Docker images are an open and documented "application packaging" format. There are countless ways to inspect the image contents, including all of the python source code shipped inside of them.

Running applications inside of a container provides isolation from the application escaping the container to access the host. They do not protect you from users on the host inspecting what is occurring inside of the container.

BMitch
  • 231,797
  • 42
  • 475
  • 450
3

Python programs are distributed as source code. If it can run on a client machine, then the code is readable on that machine. A docker container only contains the application and its libraries, external binaries and files, not a full OS. As the security can only be managed at OS level (or through encryption) and as the OS is under client control, the client can read any file on the docker container, including your Python source.

If you really want to go that way, you should consider providing a full Virtual Machine to your client. In that case, the VM contains a full OS with its account based security (administrative account passwords on the VM can be different from those of the host). Is is far from still waters, because it means that the client will be enable to setup or adapt networking on the VM among other problems...

And you should be aware the the client security officer could emit a strong NO when it comes to running a non controlled VM on their network. I would never accept it.

Anyway, as the client has full access to the VM, really securing it will be hard if ever possible (disable booting from an additional device may even not be possible). It is admitted in security that if the attacker has physical access, you have lost.

TL/DR: It in not the expected answer but just don't. It you sell your solution you will have a legal contract with your customer, and that kind of problem should be handled at a legal level, not a technical one. You can try, and I have even given you a hint, but IMHO the risks are higher than the gain.

Serge Ballesta
  • 143,923
  • 11
  • 122
  • 252
3

I know that´s been more than 3 years, but... looking for the same kind of solution I think that including compiled python code -not your source code- inside the container would be a challenging trial for someone trying to access your valuable source code.

If you run pyinstaller --onefile yourscript.py you will get a compiled single file that can be run as an executable. I have only tested it in Raspberry, but as far as I know it´s the same for, say, Windows.

Of course anything can be reverse engineered, but hopefully it won´t be worth the effort to the regular end user.

Dharman
  • 30,962
  • 25
  • 85
  • 135
PiBer2
  • 159
  • 10
  • 1
    I am also looking for a solution to this matter. And so far, I think this answer sounds most reasonable. I could deploy my Flask app on a Linux container, but it is not right to let any customer see the running source code inside it. Please let me know if anyone has new updates on this question. Thanks in advance. – NguyenHai Nov 07 '22 at 02:14
1

I think it could be a solution as using a "container" to protect our code from the person we wouldn't let them access. the problem is docker is not a secure container. As the root of the host machine has the most powerful control of the Docker container, we don't have any method to protect the root from accessing inside of the container.

I just have some ideas about a secure container:

  1. Build a container with init file like docker file, a password must be set when the container is created;
  2. once the container is built, we have to use a password to access inside, including reading\copy\modify files
  3. all the files stored on the host machine should be encypt。
  4. no "retrieve password" or “--skip-grant-” mode is offered. that means nobody can access the data inside the container if u lost the password.

If we have a trustable container where we can run tomcat or Django server, code obfuscation will not be necessary.

Hasitha Jayawardana
  • 2,326
  • 4
  • 18
  • 36
matthew
  • 11
  • 2