what's the best methode to crypt/encode the python code.

[Paul Rubin]

vincent delft <vincent_delft at yahoo.com> writes:
> I've written a Python code that check an application (registration
> into the DB, execution of commands, ...).  And I would like to put
> this code on the production machine.  My problem is that some
> passwords and some private info are into the python code.
> 
> How can we secure it ?
> I don't want that someone (the others that have acccess to the machine)
> can read this code.

Generally it's a difficult problem.  Serious high security applications
use hardware cryptography modules to encapsulate the secrets.  The more
normal solution is to encrypt the secrets that are stored in the disk
files, using a password that isn't stored.  Then when you start the
application running, you have to supply the password, which the
application then keeps in memory while it's running.  Of course this
is only feasible for long-running applications like web servers.

I've been meaning to write a simple Python crypto module that would
let you encrypt and decrypt strings, where the actual crypto code (and
embedded keys) would run in a separate, long-running Unix process and
communicate with the caller through Unix domain sockets.  So you'd
enter a password in order to start the crypto server, and then your
application could call it as needed.  I'm out of town right now but
will try to write this and post the code for it sometime next week.