Py2Exe security
Will McGugan
news at NOwillmcguganSPAM.com
Tue May 3 09:21:36 EDT 2005
Terje Johan Abrahamsen wrote:
>>If your program can access these details, then a suficiently
>>determined attacker can access them too, regardless of what you do.
>
>
> Yes, I assume so. Luckily it is not national secrets we are trying to
> hide. But, how does py2exe compare with for example a program written
> in a compiled language like C++? Is it easier to find the info in a
> py2exe .exe than a c++ compiled c++?
>
Its not the exe file you need to be concerned about, its the pyc files
that are created with it. I imagine the strings will be in plain text
form, just like compiled C++.
As others have pointed out, it would be impossible to prevent an
attacker from discovering information inside the app. The best you can
do is obfuscate the strings somehow and 'un-obfuscate' them when the app
runs. That way they at least wont be obvious. Take a look at my
signature for an example!
Will McGugan
--
http://www.willmcgugan.com
"".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-84)%26) for c
in "jvyy*jvyyzpthtna^pbz" ] )
More information about the Python-list
mailing list