Secure scripts variables

Serge Orlov Serge.Orlov at gmail.com
Tue Mar 29 17:01:32 CEST 2005


Florian Lindner wrote:
> Hello,
> given the following situation:
>
> I have a script which is readable and executable by a user, but not
> writable.
> The users executes the scripts, it reads in a value and based on this
> value  it computes a result and stores it in a variable.
> Can the user read out the value of this variable?

Yes.

> If yes, can he be prevented to do so?

Only if the sensitive part of your script runs under different
user. See thread about storing passwords in a script:

http://groups-beta.google.com/group/comp.lang.python/browse_frm/thread/91e4c114c5114e92


> (It's a ordinary user on a Linux system with access to the python
> interpreter.)

If there is a will, there is a way :) I used to run a persistant server
on Solaris as ordinary user. The trick is to create an entry in crontab
that will periodically (every 10 minutes) check if your server is
running, if not, start it up. Note however, after that it's not a good
idea to keep sensitive files in your home directory (like your tax
forms or browsing history), because if you make an error in your server
and it will be hacked, then you risk exposing all your files.


  Serge.




More information about the Python-list mailing list