How to obscure a password
Peter Hansen
peter at engcorp.com
Fri Feb 27 09:24:17 EST 2004
Peter Hansen wrote:
>
> > Peter Hansen wrote:
> > #- Is it that you're going to be sending this password to a
> > #- remote system,
> > #- so basically you've got a utility which allows storing the password
> > #- locally so that a user doesn't have to retype it but can still access
> > #- the remote system? (If that's the case, you could title this utility
> > #- "security-removal-tool" because that's what it is. Your
> > #- call though...)
>
[snip Facundo's reply]
>
> Ah, storing it _locally_. That's at least a darn sight better than storing
> it unencrypted on a server where an adminstrator has access. At least this
> way one can rely on physical protections such as the lock on the office door...
Sorry, I must have been clueless when I wrote the first message. For some
reason I was thinking that the place where the file was stored would be
accessible to other people, even though I clearly knew at the time it was
"local". Must have confused myself after my first impression that this would
be storing the password on a server where an admin user could see it.
So local is okay, and yes, I know, dozens of other programs already do
this, probably with less security than whatever you'll come up with.
-Peter
More information about the Python-list
mailing list