Encrypted Logging in python
Gerhard Häring
gh at ghaering.de
Fri Jan 9 12:48:44 EST 2009
koranthala at gmail.com wrote:
> I was wondering if there is a mechanism to encrypt logging
> automatically in python.
Python's standard library doesn't include any "strong" symmetric
ciphers. But if you include for example a cryptographic module for AES,
for example, it should be easy (I guess 10 lines of code, yes, the issue
always is *which* 10 lines) to write a custom logger that encrypts using
a hardcoded key.
As others have said, this is not really secure, so you could just as
well use something stupid like rot13 or base64 instead.
> The issue is as follows:
> (a) An application (after py2exe) will go as executable and there
> is no need for the user to know that it is written in python. If an
> exception occurs and it is logged, then the user can understand it is
> written in python.
In 99.326 % of all cases, the answer is: so what?
> (b) A security threat. If an exception occurs, the code is seen by
> the user - and possibly be misused.
Simply make the user not see the exception, but use a fallback exception
handler that does whatever you want to. Write to a log file. Or write to
an encrypted log file if you still think that helps.
> Base64 encoding somewhat helps - which is supported by logging
> module - but even that is not very secure. If there can be an option -
> wherein we send in the password and the logging is encrypted - it
> might be better. [...]
As I said before, that should be trivial to program if you look up the
documentation about the logging module. Just subclass FileHandler. And
make sure your class is then used. That's probably the hardest part ;-)
That all being said, I have one final advise: Your time is probably much
better spent on *real* issues.
-- Gerhard
More information about the Python-list
mailing list