python and securing pyc files on disk

I set django's settings.py file to chmod 600 to keep felonious folks from spying my database connection info, but on import python compiles this file and writes out settings.pyc as mode 644. It doesn't take much sleuthing for the bad guys to get the info they need from this compiled version. I fear my blog entries are in grave danger.

Beyond the o开发者_如何学Gobvious os.chmod, what techniques folks use to keep your compiled python secure on disk?

You can set the umask directly in python. The interpreter uses this umask to create the pyc files:

import os
os.umask(077) # Only keep rights for owner
import test

Verify the test.pyc created:

$> ls -l test.py*
-rw-r--r-- 1 shad users  0 2009-11-29 00:15 test.py
-rw------- 1 shad users 94 2009-11-29 00:15 test.pyc

To add a little bit to S.Lott's comment: The code portion of your blog should be stored in a location where it can be executed (e.g. via a web request), but not read directly. Any reasonable web server providing CGI support will allow this to be set up.