On Wed, 04 Apr 2007 18:04:57 -0700, ts-dev wrote: > Is it possible to prevent modification of a python file once its been > deployed? File permissions of the OS could be used..but that doesn't > seem very secure. > > The root of my question is verifying the integrity of the application > and the scripts being run. Is this possible, if so, how?
Your best bet is probably some sort of cryptographic signature mechanism. However, if they can modify it, they can likely modify it so that the signature check is disabled. So you need something you "trust" to verify said signature. So basically, except in a "trusted" computing environment, you cannot entire ensure what you're wanting. OS permissions are probably the most practical thing you've got; the signature thing could fool some slightly more intrepid attackers. One significant factor: are you worried about other users on your systems (or other users who share systems with you under a third party's control), or are you worried about what people will do on their own systems? - Michael -- http://mail.python.org/mailman/listinfo/python-list
