Hiding stuff like passwords in source?

Fernando Pérez fperez528 at yahoo.com
Thu Dec 6 19:08:56 CET 2001


David Brady wrote:

>
> What I'm wondering is if there's a way to encrypt,
> hide or otherwise modify the way I'm using my user
> info so that unless I am logged in at my machine, the
> user info is unusable and unreadable.
>

Of course what I'm going to suggest gives only *mild* security, not 
real one, I know. But it's a lot better than what you  have, and easy.

Write your scripts so that by default they all read certain info from 
a file such as .personal_info stored in your home directory (and 
read-accessible only for you, so that people have a slightly harder 
time snooping into it). This file would be plaintext and of the form

user _name_
pass xxxxx
key  value
...

Just a bland list of key/value pairs which you can then read (not 
import). If you mail the script to anyone else, they can write a 
similar file with their info for their own use. Your scripts can be 
set up so that if such file is missing they just ask for the info 
on-screen, that way they operate interactively for anyone but have a 
convenient (if not too secure) way to get automated.

A number of ftp programs out there work on this principle.

If someone can have physical access to your machine, then you need 
real security, and that's a different tune altogether. This is 
convenience for the day to day stuff while blocking at least the most 
stupid security breaches, not the serious problems.

Cheers,

f



More information about the Python-list mailing list