[Tutor] Protecting username - password items in python3.3

Aurélien DESBRIÈRES aurelien at xload.io
Fri Oct 11 08:02:53 CEST 2013 

Paul Smith <paulrsmith7777 at gmail.com> writes:

> On Thu, Oct 10, 2013 at 5:49 PM, Oscar Benjamin
> <oscar.j.benjamin at gmail.com> wrote:
>
>     On 10 October 2013 22:28, Paul Smith <paulrsmith7777 at gmail.com>
>     wrote:
>     > Ok experts I need to protect username and password items in some
>     Python3.3
>     > code I am writing.
>     
>     
>     I'm not an expert on this subject but...
>     
>     
>     > Let me clarify, I don't care here about protecting the program
>     itself i.e.
>     > using
>     >
>     > else:
>     > main()
>     >
>     > to work around my username password input, I simply don't want
>     to reveal
>     > username and password info.
>     
>     
>     I have no idea what the above means.
>     
>     
>     > I see md5, hashlib etc. but my program will be up against some
>     BIG CORPS and
>     > I need to make it as painful a process possible for someone to
>     get
>     > username(typically email) and password information from my
>     program.
>     
>     
>     What do you mean by "BIG CORPS"? Is someone out to get you?
>     
>     
>     > I am considering using subprocess to achieve this if necessary.
>     
>     
>     I still don't really understand what you mean. The easiest way to
>     protect your program from leaking passwords is just to not store
>     any
>     passwords. Presumably you also want to store them in some form in
>     order to do something useful though?
>     
>     Do you want to store the passwords so that they can be recovered?
>     Or
>     just so they can be checked against to see if a password entered
>     later
>     matches? Are you also trying to hide some other data from the "BIG
>     CORPS". Perhaps if you could show a small demo script that does
>     approximately what you're thinking but indicating the parts
>     currently
>     missing I might understand what you mean.
>     
>     
>     Oscar
>
>
> _______________________________________________
> Tutor maillist  -  Tutor at python.org
> To unsubscribe or change subscription options:
> https://mail.python.org/mailman/listinfo/tutor

> I am automating my email login to yahoo... I run my python script
> injecting username and password into the login fields... I run my own
> filters grab only the information I want... Not a new concept just a
> new twist I am working on... I need to keep the username and password
> info in my python code hashed or encrypted somehow without referencing
> an outside source or file. I don't care about the program being locked
> down, we intend on githubbing it eventually, I just need the ability
> to protect any username or password items written in the code. Is this
> possible? 
>
> No one is out to get us or else they would already have us, lol. Ideas
> have consequences and though not nefarious it could be easily uglified
> um just think automated function married to a password cracker. I just
> know that I want to protect any and all information like real email
> addresses or passwords folks may use with our script. 
>
> -Paul
>

Hi,

Since this place is [Tutor] I think it's fine to explain that on mail
list you write your answer below.

Thanks Paul.

-- 
Aurélien DESBRIÈRES
Run Free - Run GNU.org

More information about the Tutor mailing list