<div dir="ltr"><br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">W W</b> <span dir="ltr"><<a href="mailto:srilyk@gmail.com">srilyk@gmail.com</a>></span><br>
Date: Sun, Aug 24, 2008 at 8:40 PM<br>Subject: Re: [Tutor] Including files for security.<br>To: Dotan Cohen <<a href="mailto:dotancohen@gmail.com">dotancohen@gmail.com</a>><br><br><br><div dir="ltr"><div class="Ih2E3d">
On Sun, Aug 24, 2008 at 3:38 PM, Dotan Cohen <span dir="ltr"><<a href="mailto:dotancohen@gmail.com" target="_blank">dotancohen@gmail.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
2008/8/24 Alan Gauld <<a href="mailto:alan.gauld@btinternet.com" target="_blank">alan.gauld@btinternet.com</a>>:<br>
<div>><br>
> "Dotan Cohen" <<a href="mailto:dotancohen@gmail.com" target="_blank">dotancohen@gmail.com</a>> wrote<br>
><br>
>> I think that I will use the open() and read() functions, thanks! I did<br>
>> think of that, but I wanted to know if there was a better wheel<br>
>> invented already.<br>
><br>
> Another option is to use environment variables to store them.<br>
> These can be set when the server starts up. But a config file<br>
> is ok too.<br>
><br>
<br>
</div>Thanks, I will google that. But I will save it for other uses, as I<br>
don't want to risk an exploit where one could walk the environment and<br>
discover that info. Does Python have an equivalent to phpinfo()?<br></blockquote></div><br></div>You could also store the passwords as a salted hash, and use a nondescript method to import/decode them.<br><br>It wouldn't stop the serious attacker, but it would make it a little harder for accidental discovery.<br>
<br>HTH,<br>Wayne<br>
</div>
</div><br><br clear="all"><br>-- <br>To be considered stupid and to be told so is more painful than being called gluttonous, mendacious, violent, lascivious, lazy, cowardly: every weakness, every vice, has found its defenders, its rhetoric, its ennoblement and exaltation, but stupidity hasn't. - Primo Levi<br>
</div>