Securing a database

kt83313 at gmail.com kt83313 at gmail.com
Fri Jan 23 12:01:13 CET 2009


On Jan 23, 3:19 pm, "Diez B. Roggisch" <de... at nospam.web.de> wrote:
> > Thank you very much Diez.
> > This was my fear.
> > Anyways, if we can make it real hard for them to analyze also, I think
> > we are in the good - esp since the clients are not extremely rich
> > enough to go for professional analyzers --
> > What is the skype method? The code is not huge - less than 20K LOC so,
> > code encryption looks somewhat OK - would you be able to direct me to
> > any hints on this?
>
> 20LOC of pyhon translates to the tenfold in a compiled language I'd guess.
>
> And all I know about the skype-protection I've read from some paper of
> some french researches - I think. However, that paper was about
> *breaking* the encryption, not about how to write it.
>
> And I'm not an expert in these matters, mind you.
>
> > One another option that I was thinking was to automatically generate
> > the password for the database - re-encrypt every 1 hr - and store the
> > password inside the code itself. Is that possible in Python? i.e.
> > changing the code itself.
>
> But wherefrom do you get the *initial* password, or the one used the
> last time? What happens if the process dies unexpectedly, leaving the db
> in an undefined, half-crypted state with no way to know the new password?
>
> Seriously - if I was assigned the task of doing this thing, I'd seek
> help from somebody who has experience in these matters. It's hard to get
> right, and easy to get wrong but think one has it right.
>
> Diez

I agree Diez.
Anyways, code encryption seems to be a fun thing. I will try to see
whether some papers about Skype is running around.
If I can get it done, then maybe I will try to post the code here.

KT
--



More information about the Python-list mailing list