1👍
If someone has the privileges to access anything/anywhere on the server, you can’t do much, because what you can do others can do too. You can try some way of obfuscation, but that will not work. The only solution is NOT to use such a shared repository.
Edit: options
- Keep working with the shared repository if your data is not very sensitive
- Use dedicated hosting from companies like Rackspace, etc.
- Use AWS to run your own instance
- Use a Google App Engine server, but that may require a DB change
- Run your own server (most secure)
1👍
There is almost no scenario where your hosting provider would be interested in your source code. The source code of most websites just isn’t worth very much.
If you really feel it is necessary to protect your source code, the best thing to do is serve it from a system that you own and control physically and have exclusive access to.
Failing that, there are a few techniques for obfuscating Python, the most straightforward of which is to only push .pyc files and not .py files to your production server. However, this is not standard practice with Django because theft of web site source code by hosting providers is not really an extant problem. I do not know whether or not this technique would work with Django specifically.
1👍
While your source code’s probably fine where it is, I’d recommend not storing your configuration passwords in plaintext, whether the code file is compiled or not. Rather, have a hash of the appropriate password on the server, have the server generate a hash of the password submitted during login and compare those instead. Standard security practice.
Then again I could just be talking out my rear end since I haven’t fussed about with Django yet.
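An added example (not from any of the answers on this page) showing why deploying only .pyc files does not hide a password kept in a settings module: string literals are stored unchanged in the bytecode. The settings content and the password are constructed sample values, and the 16-byte header skip assumes CPython 3.7 or later.

```python
import marshal
import os
import py_compile
import tempfile

# Constructed sample settings module; the password is a made-up placeholder.
SAMPLE_SETTINGS = '''
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": "appdb",
        "USER": "appuser",
        "PASSWORD": "example-db-password",
    }
}
'''


def string_constants(code):
    """Recursively collect every str constant stored in a code object."""
    found = []
    for const in code.co_consts:
        if isinstance(const, str):
            found.append(const)
        elif isinstance(const, (tuple, frozenset)):
            found.extend(c for c in const if isinstance(c, str))
        elif hasattr(const, "co_consts"):  # nested function/class bodies
            found.extend(string_constants(const))
    return found


def strings_in_compiled_settings(source=SAMPLE_SETTINGS):
    """Compile source to .pyc, delete the .py, read literals from the .pyc alone."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "settings.py")
        pyc = os.path.join(tmp, "settings.pyc")
        with open(src, "w") as f:
            f.write(source)
        py_compile.compile(src, cfile=pyc, doraise=True)
        os.remove(src)  # only the bytecode is "deployed"
        with open(pyc, "rb") as f:
            f.read(16)  # skip header: magic, flags, mtime/hash, source size
            code = marshal.load(f)
    return string_constants(code)


if __name__ == "__main__":
    print(strings_in_compiled_settings())
```

Every literal from the settings file, including the password, comes back from the compiled file, so compilation protects neither the configuration nor the code's structure from anyone who can read the file.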
0👍
Protecting source code is not that important IMHO. I would just deploy compiled files and not worry too much about it.
Protecting your config (especially passwords) is indeed important. Temia’s point is good.