user authorization (with one time login) in a Python desktop application ?

Stef Mientki stef.mientki at gmail.com
Sun Sep 27 16:11:52 CEST 2009


hello,

I've a Python desktop application, running under Widows, that stores the 
data in a central SQLite database.

Depending on the user login on the system, some of the data from the 
database is allowed and other data is forbidden.

I can read the current logged in user.
The authorization for each user is stored encrypted in the database.
The program is delivered as pyc files,
but from what I read, these can easily be reversed engineered.

There is even an encrypted version of SQLite (not freeware),
but as long as test the authorization in Python,
it doesn't seem to be a good protection.

So at first thought, a better way might be the following process:
- encrypt the whole database
- run all queries through a DLL written in C or Delphi, where also the 
authorization is checked

But on second thought that isn't true.
The login on the computer is assumed to be enough (1-time login).
So the Python program passes the username to the external DLL.
And there's the weak point again,
the username of every person in our organization is known to every one.
So it shouldn't be too difficult to modify the program,
so it will always use the external DLL with the username with the 
highest authorization.

So the question remains:
Is it possible to create a Python Desktop application,
with user authorization, based on the login of the user ?

thanks,
Stef Mientki



More information about the Python-list mailing list