I'm writing a Python library for my colleagues to use, but there are certain pieces of code that I do not want them to access. For example, some function connects to databases with configs that are private. Also, certain functions involve proprietary algorithms that I do not want to reveal.

So, is it possible for my colleagues to use the library, that is, they could import it, but can never access the source code? We work on the same server and I can control their access privileges on the server.

CodePudding user response：

Put the library in a separate server where no one has access to and then expose the library via API.

CodePudding user response：

If the data within the file is security sensitive (must be kept secret), the answer is no. It can generally be reverse-engineered.

However, if the intent the just to make the source code less-than-obvious, or difficult to edit, you can take a note from the get-pip.py script (linked here) which contains the bulk of the code in a base85 encoded .zip file. This is decoded by the 'unpacker' method(s) and processed accordingly.

The code can be further obfuscated by encrypting it with a key, known only to the unpacker. The key can be stored in a (controlled) database, or another more secure location; obviously given the users cannot access (or know about) the database.

At the end of the day, if the users are determined to see the code, they'll likely find a way. But if the users are general office employees who either do not care, are not malicious, or just shouldn't access the code, this solution might be viable.