[Tutor] passwords in scripts
Alan Gauld
alan.gauld at freenet.co.uk
Tue Jan 24 21:46:38 CET 2006
> Compiling is certainly helpful in my case, and I did
> not realise how simple it was until you explained it.
Remember that only *imported* modules are compiled.
Your main program will not be compiled.
You can fix that by having your main program look like this:
####### dummy mainprog.py ########
import realprog
realprog.main()
################################
So the real code lives in realprog whjich will be compiled.
You can then remove all .py files except mainprog.py.
> I estimate that most of our MCSEs will not know about
> the strings command or attempt to look inside
> something like test.pyc for a password.
> As for users, I'll be amazed if they tried it.
It depends on their Unix experience.
In the old days of Unix (around 1988-1998 - ie pre Y2K issues...)
using strings was a standard user trick to find out how to use
a program for which man pages had not been installed
- the usage instructions were usually to be found using strings.
And since X windows became popular as a Unix GUI strings
is still a popular way to find out what X resources can be set
to customise an applications behaviour/appearance
- the resources are often badly documented....
Speaking personally one of the first things I do after adding a
new app on Unix is run strings on it! And I know I'm not alone.
So if your users have had access to Unix in the past there is a
high likeliehood of them knowing about strings. (other commands
that users use to derive personaisation settings include truss/strace
to monitor the inter process calls.)
Alan G.
More information about the Tutor
mailing list