2.1. Highest security and performace

2.1.1. What’s the most security pyarmor could do?

The following options could improve security

  • --enable-rft almost doesn’t impact performace
  • --enable-bcc imports module need more times, for example, importing a plain script about 1 ms, but bcc module about 200 ms
  • --enable-jit prevents from static decompilation
  • --enable-themida prevents from most of debuggers, only available in Windows, and reduce permormance remarkable
  • --mix-str protects string constant in the script
  • pyarmor cfg mix_argnames=1 may broken annotations

The following options hide module attributes

The following options prevent from injecting functions into obfusated modules

2.1.2. What’re the best performace pyarmor could do?

Using default options and the following settings

By these options, the security is almost same as .pyc

In order to improve security, and doesn’t reduce performace, also enable RFT mode

If there are sensitive string, enable mix-str with filter

  • pyarmor cfg mix.str:includes “/regular expression/”
  • --mix-str

Without filter, all of string constants in the scripts are encrypte, it may reduce performance. Using filter only encrypt the sensitive string may balace security and performance.

2.1.3. Recommened options for different applications

1. For django application or serving web request

If RFT mode is safe enough, you can check the transformed scripts to make decision, using these options

If RFT mode is not safe enought, using these options

  1. For most of applications and packages

    If RFT mode and BCC mode are available

    If not

    If care about injecting track, also

    • --assert-call with inline marker to make sure all the key functions are protected

    If it’s not perfomace sensitive, using --enable-themida prevent from debuggers