what's the best methode to crypt/encode the python code.

Paul Rubin phr-n2001 at nightsong.com
Sun Sep 16 08:19:58 CEST 2001


If I understood the question, it's that the application needs to do
something that requires supplying another password, e.g. the
application wants to connect to a database.  It's not a question of
accepting passwords from users.  The question then is how do you get
the password into the application, without leaving it around in the
source file.  The answer is usually one of:
  1) get a password from the operator/admin when the application boots
  2) store the password in the application configuration or source
     code, and rely on the security of the file system to keep it secret,
     or
  3) store an encryption key in a hardware security module that never
     lets it out.

#3 is preferred for (e.g.) financial applications (financial
transaction network).  For other applications, #1 or #2 are both
ok, depending.




More information about the Python-list mailing list