storing passwords

Moshe Zadka moshez at zadka.site.co.il
Mon Jan 15 15:08:52 EST 2001


On Mon, 15 Jan 2001 Andrew MacIntyre <andymac at bullseye.apana.org.au> wrote:

> I wrote a simple module that stores the account,password pair as an XOR
> "masked" string in a dbm file with the hostname as the key.  The module is
> only published (put in the PYTHONPATH) as a .pyc/.pyo, so the full source
> is not generally readable.
> 
> This is only obscurity however, not real security.

And not even good obscurity! .pyc files are actually quite readable
if you use the dis module, and I think Mr. Aycock wrote a decompyler.
Don't use security through obscurity, please! It will only give you
a sense of security, lulling your senses. I think that in that case,
the only thing to do is to rely on the OS security as far as permissions
go.
-- 
Moshe Zadka <sig at zadka.site.co.il>
This is a signature anti-virus. 
Please stop the spread of signature viruses!
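
To illustrate the point about `.pyc` readability, here is an added example that is not part of the original message: it compiles a constructed stand-in for the masking module, keeps only the `.pyc`, and recovers the mask constant and the function names with `marshal` and `dis`. The module source, mask value and names are assumptions made for the illustration, and the 16-byte header skip assumes Python 3.7 or later.

```python
import dis
import io
import marshal
import os
import py_compile
import tempfile
import types

# Constructed stand-in for the XOR-masking module described in the quoted text.
SOURCE = '''
_MASK = b"constructed-mask-key"

def unmask(blob):
    return bytes(b ^ _MASK[i % len(_MASK)] for i, b in enumerate(blob))
'''

def load_code_from_pyc(path):
    """Return the top-level code object stored in a .pyc file."""
    with open(path, "rb") as fh:
        fh.read(16)  # header: magic, flags, mtime-or-hash, source size (3.7+)
        return marshal.load(fh)

def walk_constants(code):
    """Yield every bytes/str constant, descending into nested code objects."""
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk_constants(const)
        elif isinstance(const, (bytes, str)):
            yield const

def compile_and_inspect():
    """Compile SOURCE, discard the .py, and report what the .pyc still reveals."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "maskmod.py")
        with open(src, "w") as fh:
            fh.write(SOURCE)
        pyc = py_compile.compile(src, cfile=os.path.join(tmp, "maskmod.pyc"))
        os.remove(src)  # only the compiled file is "published"
        code = load_code_from_pyc(pyc)
        listing = io.StringIO()
        dis.dis(code, file=listing)  # recurses into nested functions
        return set(walk_constants(code)), listing.getvalue()

if __name__ == "__main__":
    constants, listing = compile_and_inspect()
    print(sorted(constants, key=repr))
    print(listing)
```

The mask and the unmasking logic are both present in the compiled file, so anyone who can read the `.pyc` can read the stored credentials; the file permissions on the `.pyc` and the dbm file are the only actual control.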
