storing passwords
Moshe Zadka
moshez at zadka.site.co.il
Mon Jan 15 15:08:52 EST 2001
On Mon, 15 Jan 2001 Andrew MacIntyre <andymac at bullseye.apana.org.au> wrote:
> I wrote a simple module that stores the account,password pair as an XOR
> "masked" string in a dbm file with the hostname as the key. The module is
> only published (put in the PYTHONPATH) as a .pyc/.pyo, so the full source
> is not generally readable.
>
> This is only obscurity however, not real security.
And not even good obscurity! .pyc files are actually quite readable
if you use the dis module, and I think Mr. Aycock wrote a decompyler.
Don't use security through obscurity, please! It will only give you
a sense of security, lulling your senses. I think that in that case,
the only thing to do is to rely on the OS security as far as permissions
go.
--
Moshe Zadka <sig at zadka.site.co.il>
This is a signature anti-virus.
Please stop the spread of signature viruses!
More information about the Python-list
mailing list