Hiding stuff like passwords in source?

David Brady daves_spam_dodging_account at yahoo.com
Fri Dec 7 22:50:34 CET 2001


I have written a bunch of utilities for Python that
handle niggly things for me like synching ftp
directories and such.  Because I'm too lazy to type in
my password every time, I've just jammed in the
password into the Python source.  It's nice being able
to just double-click and have a thing run.

The problem is, of course, security.  If someone else
uses my machine, they could easily find my
username/passwords from my Python source. 
Furthermore, I'm absent-minded and will occasionally
mail scripts to people, and though I have so far
managed to not accidentally send one with my password
in it, I'm sure it's only a matter of time.

What I'm wondering is if there's a way to encrypt,
hide or otherwise modify the way I'm using my user
info so that unless I am logged in at my machine, the
user info is unusable and unreadable.

I got real "clever" a week ago and wrote a module
called ftpid and put the variables in there.  Then I
compiled it and deleted the .py file, leaving only the
.pyc.  Ah, so clever was I, until I noticed that
hiding the source did not prevent me from saying
"print ftpid.username, ftpid.password".  *SIGH*.

I'd really like to preserve the ability to just click
a script and have it run as "me", with my info and
password.  I just don't want to let anyone else get at
that information or be able to use it... but I *do*
want to be able to easily give them the script so they
can type in their own information and have it work for
them on their server, etc.

Any ideas?



David Brady
daves_spam_dodging_account at yahoo.com
I'm feeling very surreal today... or *AM* I?

Do You Yahoo!?
Send your FREE holiday greetings online!

More information about the Python-list mailing list