Hiding stuff like passwords in source?
Karl M. Syring
syring at email.com
Fri Dec 7 23:53:05 CET 2001
"David Brady" <daves_spam_dodging_account at yahoo.com> schrieb im Newsbeitrag
news:mailman.1007761874.4238.python-list at python.org...
> I have written a bunch of utilities for Python that
> handle niggly things for me like synching ftp
> directories and such. Because I'm too lazy to type in
> my password every time, I've just jammed in the
> password into the Python source. It's nice being able
> to just double-click and have a thing run.
> The problem is, of course, security. If someone else
> uses my machine, they could easily find my
> username/passwords from my Python source.
> Furthermore, I'm absent-minded and will occasionally
> mail scripts to people, and though I have so far
> managed to not accidentally send one with my password
> in it, I'm sure it's only a matter of time.
The only solution that is relatively safe is to have our own logon
procedure. Your data and programs are generally encrypted and when you start
working, you use the logon program to decrypt your data.
If you logoff, everything gets encrypted again. For really sensitive
applications, the logon/logoff program will be a persistent process with a
dead woman switch that will encrypt everything if you do not contact it for
10 minutes or so.
Of course, to be shure, you should carry the floppy disk with the logon
program in your shirt pocket. This spares you the embarrassment if you
forget your 25 character password.
Karl M. Syring
More information about the Python-list