在 Docker 中分发 python 源代码安全吗? [英] Is distributing python source code in Docker secure?
问题描述
我即将决定该项目的编程语言.要求是一些客户希望在没有外部互联网访问的独立服务器上运行应用程序.
I am about to decide on programming language for the project. The requirements are that some of customers want to run application on isolated servers without external internet access.
为此,我需要将应用程序分发给他们,并且不能使用 SaaS 方法在例如我的云上运行(我更愿意这样做......).
To do that I need to distribute application to them and cannot use SaaS approach running on, for example, my cloud (what I'd prefer to do...).
问题是,如果我决定使用 Python 来开发它,我需要为客户提供易于阅读的代码,这并不是我真正想要做的(当然,我知道你知道吗?确实需要保护您的源代码"之类的问题,但目前不在范围内).
The problem is that if I decide to use Python for developing this, I would need to provide customer with easy readable code which is not really what I'd like to do (of course, I know about all that "do you really need to protect your source code" kind of questions but it's out of scope for now).
我的一位同事向我介绍了 Docker.我可以找到很多关于 Docker 容器安全性的答案.问题在于保护(隔离)主机免受容器中运行的代码的影响.
One of my colleagues told me about Docker. I can find dozen of answers about Docker container security. Problem is all that is about protecting (isolating) host from code running in container.
我需要知道 Docker 映像中和在 Docker 容器中运行的 Python 源代码是否受到保护,无法访问 - 用户能否以某种方式(不需要很容易)访问该 Python 代码?
What I need is to know if the Python source code in the Docker Image and running in Docker Container is secured from access - can user in some way (doesn't need to be easy) access that Python code?
我知道我不能保护一切,我知道反编译/破解一切都是可能的.我只是想知道答案,只是为了决定在 Docker 中访问我的代码的方式是否足够困难,我可以冒险.
I know I can't protect everything, I know it is possible to decompile/crack everything. I just want to know the answer just to decide whether the way to access my code inside Docker is hard enough that I can take the risk.
推荐答案
Docker 镜像是一个 开放和文档化 应用程序打包"格式.有无数种方法可以检查图像内容,包括其中包含的所有 Python 源代码.
Docker images are an open and documented "application packaging" format. There are countless ways to inspect the image contents, including all of the python source code shipped inside of them.
在容器内运行应用程序提供了与逃离容器以访问主机的应用程序的隔离.它们不会保护您免受主机上的用户检查容器内部发生的事情的影响.
Running applications inside of a container provides isolation from the application escaping the container to access the host. They do not protect you from users on the host inspecting what is occurring inside of the container.
这篇关于在 Docker 中分发 python 源代码安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
