On 05/05/2010 08:12 PM, Vincent Davis wrote:
I can't think of a way to do this, not sure it is possible but I feel as
though I might not know what I don't know.
I want to share and example of a python script, to run it needs a google
username and password. Is there a way for me to encrypt my username and
password in the source code?
No-ish. You can encrypt it, but if you encrypt it, you need to
include the keys or algorithm for decrypting it, and all it takes
is a pdb.set_trace() before the decrypted uname/pwd get sent to
Google to get it, and poof all your encryption/decryption has
been in vain:
uname = SUPER_ENCRYPTED_USER
pwd = SUPER_ENCRYPTED_PASSWORD
u = secret_decrypt(uname)
p = secret_decrypt(pwd)
# regardless of how good the stuff above is
# you're vulnerable right here:
# print "%r %r" % (u, p)
do_google_stuff(u, p)
Unless the Google API you're using allows for chain-of-authority
creation of sub-credentials (so your account creates secondary
accounts that are then distributed in your code/config files and
managed via your dev login), two possibilities that come to mind:
1) put in a bogus uname/password and make them get their own
Google login to put in (which can be done in a config file if
they're squeamish about editing source code) This assumes that
any arbitrary Google login can grant access to what you want
(sometimes this is a developer key, in which case the user would
need to get their own dev key).
2) create a web-service on a server somewhere that has your
credentials, but your distributed code merely hits this web
service instead of having your actual credentials in the source
(plain-text or encrypted). The server would have them (I'd just
put them in plain-text -- no need to be fancy. If you can't
trust your hosting service, don't use them) but you wouldn't
expose the credentials outside the application.
-tkc
--
http://mail.python.org/mailman/listinfo/python-list
