[Tutor] Protecting username - password items in python3.3
Aurélien DESBRIÈRES
aurelien at xload.io
Fri Oct 11 08:02:53 CEST 2013
Paul Smith <paulrsmith7777 at gmail.com> writes:
> On Thu, Oct 10, 2013 at 5:49 PM, Oscar Benjamin
> <oscar.j.benjamin at gmail.com> wrote:
>
> On 10 October 2013 22:28, Paul Smith <paulrsmith7777 at gmail.com>
> wrote:
> > Ok experts I need to protect username and password items in some
> Python3.3
> > code I am writing.
>
>
> I'm not an expert on this subject but...
>
>
> > Let me clarify, I don't care here about protecting the program
> itself i.e.
> > using
> >
> > else:
> > main()
> >
> > to work around my username password input, I simply don't want
> to reveal
> > username and password info.
>
>
> I have no idea what the above means.
>
>
> > I see md5, hashlib etc. but my program will be up against some
> BIG CORPS and
> > I need to make it as painful a process possible for someone to
> get
> > username(typically email) and password information from my
> program.
>
>
> What do you mean by "BIG CORPS"? Is someone out to get you?
>
>
> > I am considering using subprocess to achieve this if necessary.
>
>
> I still don't really understand what you mean. The easiest way to
> protect your program from leaking passwords is just to not store
> any
> passwords. Presumably you also want to store them in some form in
> order to do something useful though?
>
> Do you want to store the passwords so that they can be recovered?
> Or
> just so they can be checked against to see if a password entered
> later
> matches? Are you also trying to hide some other data from the "BIG
> CORPS". Perhaps if you could show a small demo script that does
> approximately what you're thinking but indicating the parts
> currently
> missing I might understand what you mean.
>
>
> Oscar
>
>
> _______________________________________________
> Tutor maillist - Tutor at python.org
> To unsubscribe or change subscription options:
> https://mail.python.org/mailman/listinfo/tutor
> I am automating my email login to yahoo... I run my python script
> injecting username and password into the login fields... I run my own
> filters grab only the information I want... Not a new concept just a
> new twist I am working on... I need to keep the username and password
> info in my python code hashed or encrypted somehow without referencing
> an outside source or file. I don't care about the program being locked
> down, we intend on githubbing it eventually, I just need the ability
> to protect any username or password items written in the code. Is this
> possible?
>
> No one is out to get us or else they would already have us, lol. Ideas
> have consequences and though not nefarious it could be easily uglified
> um just think automated function married to a password cracker. I just
> know that I want to protect any and all information like real email
> addresses or passwords folks may use with our script.
>
> -Paul
>
Hi,
Since this place is [Tutor] I think it's fine to explain that on mail
list you write your answer below.
Thanks Paul.
--
Aurélien DESBRIÈRES
Run Free - Run GNU.org
More information about the Tutor
mailing list