[Tutor] Fwd: Including files for security.

W W srilyk at gmail.com
Mon Aug 25 03:41:18 CEST 2008


---------- Forwarded message ----------
From: W W <srilyk at gmail.com>
Date: Sun, Aug 24, 2008 at 8:40 PM
Subject: Re: [Tutor] Including files for security.
To: Dotan Cohen <dotancohen at gmail.com>


On Sun, Aug 24, 2008 at 3:38 PM, Dotan Cohen <dotancohen at gmail.com> wrote:

> 2008/8/24 Alan Gauld <alan.gauld at btinternet.com>:
> >
> > "Dotan Cohen" <dotancohen at gmail.com> wrote
> >
> >> I think that I will use the open() and read() functions, thanks! I did
> >> think of that, but I wanted to know if there was a better wheel
> >> invented already.
> >
> > Another option is to use environment variables to store them.
> > These can be set when the server starts up. But a config file
> > is ok too.
> >
>
> Thanks, I will google that. But I will save it for other uses, as I
> don't want to risk an exploit where one could walk the environment and
> discover that info. Does Python have an equivalent to phpinfo()?
>

You could also store the passwords as a salted hash, and use a nondescript
method to import/decode them.

It wouldn't stop the serious attacker, but it would make it a little harder
for accidental discovery.

HTH,
Wayne



-- 
To be considered stupid and to be told so is more painful than being called
gluttonous, mendacious, violent, lascivious, lazy, cowardly: every weakness,
every vice, has found its defenders, its rhetoric, its ennoblement and
exaltation, but stupidity hasn't. - Primo Levi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/tutor/attachments/20080824/bea10478/attachment-0001.htm>


More information about the Tutor mailing list