Hiding stuff like passwords in source?
Fernando Pérez
fperez528 at yahoo.com
Thu Dec 6 13:08:56 EST 2001
David Brady wrote:
>
> What I'm wondering is if there's a way to encrypt,
> hide or otherwise modify the way I'm using my user
> info so that unless I am logged in at my machine, the
> user info is unusable and unreadable.
>
Of course what I'm going to suggest gives only *mild* security, not
real one, I know. But it's a lot better than what you have, and easy.
Write your scripts so that by default they all read certain info from
a file such as .personal_info stored in your home directory (and
read-accessible only for you, so that people have a slightly harder
time snooping into it). This file would be plaintext and of the form
user _name_
pass xxxxx
key value
...
Just a bland list of key/value pairs which you can then read (not
import). If you mail the script to anyone else, they can write a
similar file with their info for their own use. Your scripts can be
set up so that if such file is missing they just ask for the info
on-screen, that way they operate interactively for anyone but have a
convenient (if not too secure) way to get automated.
A number of ftp programs out there work on this principle.
If someone can have physical access to your machine, then you need
real security, and that's a different tune altogether. This is
convenience for the day to day stuff while blocking at least the most
stupid security breaches, not the serious problems.
Cheers,
f
More information about the Python-list
mailing list