[python-win32] Storing Passwords.
Greg Ewing
greg.ewing at canterbury.ac.nz
Mon Jan 19 21:51:13 CET 2015
Bob Hood wrote:
> I'm probably missing some crucial point here, but with Python being the
> host environment, why wouldn't the Python "keyring" module provide the
> hardened storage the OP is seeking?
The same problem arises. If the program can get the password
out of the keyring, then so can any user who is capable of
running the program. If nothing else, by inserting a print
statement into the program at the point just after it has
retrieved the password.
Keyrings allow a user to keep his or her passwords secret
from *other* users. The OP seems to want to keep the *user*
of the password from being able to know it, which is
fundamentally impossible.
The best you can do is obfuscate it, but with Python code
being so easy to reverse-engineer, you can't get much
security that way.
--
Greg
More information about the python-win32
mailing list