Securing a database
Diez B. Roggisch
deets at nospam.web.de
Fri Jan 23 11:19:20 CET 2009
> Thank you very much Diez.
> This was my fear.
> Anyways, if we can make it real hard for them to analyze also, I think
> we are in the good - esp since the clients are not extremely rich
> enough to go for professional analyzers --
> What is the skype method? The code is not huge - less than 20K LOC so,
> code encryption looks somewhat OK - would you be able to direct me to
> any hints on this?
20LOC of Python translates to the tenfold in a compiled language I'd guess.
And all I know about the skype-protection I've read from some paper of
some French researchers - I think. However, that paper was about
*breaking* the encryption, not about how to write it.
And I'm not an expert in these matters, mind you.
> Another option that I was thinking of was to automatically generate
> the password for the database - re-encrypt every 1 hr - and store the
> password inside the code itself. Is that possible in Python? i.e.
> changing the code itself.
But wherefrom do you get the *initial* password, or the one used the
last time? What happens if the process dies unexpectedly, leaving the db
in an undefined, half-crypted state with no way to know the new password?
Seriously - if I was assigned the task of doing this thing, I'd seek
help from somebody who has experience in these matters. It's hard to get
right, and easy to get wrong but think one has it right.