Py2Exe security
andreas at kostyrka.org
andreas at kostyrka.org
Tue May 3 09:56:51 EDT 2005
On Tue, May 03, 2005 at 06:01:33AM -0700, Terje Johan Abrahamsen wrote:
>
> Simon Brunning wrote:
> > On 3 May 2005 05:03:00 -0700, Terje Johan Abrahamsen
> <terjeja at gmail.com> wrote:
> > > We have created some programs in Python that are to be distributed
> > > around. The programs will be made into .exe files by py2exe.
> However,
> > > in the source there are certain webadresses, logins and passwords
> that
> > > the programs use, that we would like to keep away from the end
> users.
> > > They will use them thru the program, but we would like them not to
> be
> > > extracted and used separately for other purposes.
> >
> > If your program can access these details, then a suficiently
> > determined attacker can access them too, regardless of what you do.
>
> Yes, I assume so. Luckily it is not national secrets we are trying to
> hide. But, how does py2exe compare with for example a program written
> in a compiled language like C++? Is it easier to find the info in a
> py2exe .exe than a c++ compiled c++?
About the same. C++ programs do have their string constants as cleartext
in the binary too.
Personally I'd be more concerned about the network side (use https and
verify the server certificate), and debugging tools that might be able
to intercept your traffic anyway.
Andreas
More information about the Python-list
mailing list