Password validation security issue
Tim Chase
python.list at tim.thechases.com
Sat Mar 1 13:38:25 EST 2014
On 2014-03-02 05:11, Chris Angelico wrote:
> On Sun, Mar 2, 2014 at 4:49 AM, Renato <rvernucio at gmail.com> wrote:
> > My question is: is there a way of preventing the user from
> > reading the script's content?
Not really. It might be a bit obfuscated, but
>> Is there any strategy I could use to hide the passwords from the
>> users?
use Chris's suggestion about hashing.
That said, if the user has access to the source code, there's nothing
preventing them from changing
if hash(provided_password) == existing_hash:
do_magic()
into just
if True:
do_magic()
and re-running the program.
-tkc
More information about the Python-list
mailing list