Password validation security issue

Renato rvernucio at gmail.com
Sat Mar 1 18:49:49 CET 2014


Hello everybody, I implemented a password validation with a Python 2.7.5 script in OpenSUSE 13.1. The user calls it passing 'login' and 'password' as arguments. I made a dictionary in the format hashtable = {'login':'password'} and I use this hash table to compare the 'login' and 'password' that were passed in order to validate them. The problem is that any user who can execute the script will be able to read it too (since it must be read by python's interpreter), and this is causing some security issues since any user can access all other users' passwords if he opens this script and reads the code.

My question is: is there a way of preventing the user from reading the script's content? Is there any strategy I could use to hide the passwords from the users?



More information about the Python-list mailing list