No subject


Tue May 3 09:35:02 EDT 2005 

#! rnews 1990
Newsgroups: comp.lang.python
Path: news.xs4all.nl!newsspool.news.xs4all.nl!transit.news.xs4all.nl!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!nntp.abs.net!attws2!ip.att.net!NetNews1!xyzzy!nntp
From: Harry George <harry.g.george at boeing.com>
Subject: Re: Py2Exe security
X-Nntp-Posting-Host: cola2.ca.boeing.com
Content-Type: text/plain; charset=us-ascii
Message-ID: <xqxd5s8v46c.fsf at cola2.ca.boeing.com>
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4
Lines: 35
Sender: hgg9140 at cola2.ca.boeing.com
Organization: The Boeing Company
References: <1115121780.404491.84240 at f14g2000cwb.googlegroups.com>
Mime-Version: 1.0
Date: Tue, 3 May 2005 13:18:19 GMT
Xref: news.xs4all.nl comp.lang.python:375624

"Terje Johan Abrahamsen" <terjeja at gmail.com> writes:

> Hello.
> 
> We have created some programs in Python that are to be distributed
> around. The programs will be made into .exe files by py2exe. However,
> in the source there are certain webadresses, logins and passwords that
> the programs use, that we would like to keep away from the end users.
> They will use them thru the program, but we would like them not to be
> extracted and used separately for other purposes.
> 
> Is the compiling by py2exe enough? I have opened all the files in the
> directory py2exe has made, and have not found anything I could read in
> clear text. However, that does not mean that others can not. Is it
> possible to extract these passwords, adresses and logins from the
> sourcecode? If py2exe is not enough, is there some other simple tools
> we can use to hide the source from the endusers?
> 
> Thanks in advance.
> 

Putting passwords in your program is a bad idea, with or without
Python and py2exe.  Even if you wrote the program in obfuscated C, and
stripped comments etc, an attacker could use "strings" to search for
candidate passwords.  Or just start at the beginning of the program
and use each byte as a candidate starting char.


Since you are working on MS Windows, consider getting:
M. Howard, D. LeBlanc, "Writing Secure Code", Microsoft Press, 2002.

-- 
harry.g.george at boeing.com
6-6M21 BCA CompArch Design Engineering
Phone: (425) 294-4718

More information about the Python-list mailing list