[Tutor] Saving read-only or encoded text files?

Prasad, Ramit ramit.prasad at jpmorgan.com
Fri Nov 18 17:58:48 CET 2011 

Hi.  I've been using a lot of text files recently, and I'm starting to worry about a user hacking some element by editing the text files.  I know that I can pickle my data instead, creating less easily editable (try saying that five times fast) .dat files, but I'd rather store individual variables rather than lists of objects.  Is there a way to make my text files either read-only or saved in some way that they can't be opened, or at least not so easily as double-clicking on them?  I just want some slightly more secure code, though it's not too important.  I just thought I'd ask.
==========================================================================================

Any file will eventually be able to be reverse engineered, but it matters how much effort you care to obfuscate it. The way you can do it will vary based on your OS. 

For Windows, you can change the file extension to something that is not read by most text editors '.zxy'. It will still be able to be read if they try and open it with a text editor, but double clicking  will not work by default. You can also try setting the file attribute directly: http://code.activestate.com/recipes/303343-changing-file-attributes-on-windows/ 

For *nix/OS X, you can prepend the file with "." as those files are hidden by default on most *nix systems I have used. You can also try to use os.chmod(0###, 'filename').


Keep in mind that all of these solutions are probably user reversible since the application will have the permissions of the user account it is run as; in most cases this is the same as the logged in user.



Ramit


Ramit Prasad | JPMorgan Chase Investment Bank | Currencies Technology
712 Main Street | Houston, TX 77002
work phone: 713 - 216 - 5423

--
This email is confidential and subject to important disclaimers and
conditions including on offers for the purchase or sale of
securities, accuracy and completeness of information, viruses,
confidentiality, legal privilege, and legal entity disclaimers,
available at http://www.jpmorgan.com/pages/disclosures/email.

More information about the Tutor mailing list