[Tutor] Re: How to obfuscate a database password. (fwd)

Andrei project5 at redrival.net
Wed Apr 20 08:06:02 CEST 2005


> From: David Driver <count0.djd <at> gmail.com>
> I am not necessarily talking about passwords for users but about the
> password that is used for connecting to the database. In a compiled
> language you would have to look pretty hard in a dll to find where the
> password had been encoded. As you point out there will be users inside
> of the application. Their passwords will be hashed and stored in the
> database. That is relatively easy to execute. But the password that
> the application uses to connect to the database is going to be stored
> somewhere in the code.

Storing passwords in the exe/dll/pyc doesn't sound like a particularly secure
option whichever way you look at it. If you don't value the password of the DB
very much, you can always obfuscate it (zipping or converting to a list of
integers comes to mind, or you can be creative and devise something else -
though more obfuscation != more security). The effect this will have in stopping
a determined person will be pretty much zero, but at least it's not out there in
the open and a simple text search won't cause it to just show up.

Yours,

Andrei
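
Added example, not part of Andrei's message or the original thread: the two obfuscations mentioned above (zipping, list of integers), showing that a plain text search over the shipped file misses the password while a key-less audit pass over the same bytes recovers it. The password, the artifact layout and all function names are constructed for illustration.

```python
import zlib

DB_PASSWORD = "s3cret-db-pass"  # constructed sample value, not a real credential

def obfuscate_zip(password):
    """'Zipping': compression only, there is no key involved."""
    return zlib.compress(password.encode("utf-8"))

def obfuscate_ints(password):
    """The password as a list of integers (its UTF-8 byte values)."""
    return list(password.encode("utf-8"))

def deobfuscate_zip(blob):
    return zlib.decompress(blob).decode("utf-8")

def deobfuscate_ints(values):
    return bytes(values).decode("utf-8")

def build_artifact(password):
    """Constructed stand-in for a shipped .pyc/.dll holding both obfuscated forms."""
    return (b"\x00\x01HEADER" + obfuscate_zip(password)
            + repr(obfuscate_ints(password)).encode("ascii") + b"\x00TRAILER")

def text_search_finds(artifact, password):
    """What a simple text search over the shipped file would see."""
    return password.encode("utf-8") in artifact

def audit_for_zlib_secrets(artifact):
    """Audit your own build output: inflate every complete zlib stream in it."""
    found = []
    for offset in range(len(artifact)):
        if artifact[offset] != 0x78:  # usual first byte of a zlib header
            continue
        stream = zlib.decompressobj()
        try:
            data = stream.decompress(artifact[offset:])
        except zlib.error:
            continue  # not a zlib stream at this offset
        if stream.eof and data:  # keep only streams that ended cleanly
            found.append(data)
    return found

if __name__ == "__main__":
    artifact = build_artifact(DB_PASSWORD)
    print("text search finds it:", text_search_finds(artifact, DB_PASSWORD))
    print("zlib audit recovers: ", audit_for_zlib_secrets(artifact))
    print("int list decodes to: ", deobfuscate_ints(obfuscate_ints(DB_PASSWORD)))
```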


