> On Jan 19, 2015, at 7:27 AM, Bob Hood <bho...@comcast.net> wrote:
> 
> On 1/19/2015 12:07 AM, Tim Roberts wrote:
>> On Jan 18, 2015, at 12:11 PM, Alp Tunga Özkul <alptungaz...@hotmail.com> 
>> wrote:
>>> 
>>> As far as I know Username + Password =(MD5/SHA) Hash. And it is 
>>> irreversible. I need the actual Username and Password to login to Servers 
>>> (WMI).
>>> 
>>> Because let's say there are 10 different servers with 10 different 
>>> credentials that my user uses to access those servers, I need to store user 
>>> given credentials for the next session.
>> 
>> There is simply no general solution.  If your program can recover the 
>> plaintext password, then anyone with access to the text files can recover 
>> the plaintext password.
>> 
>> If you don’t want to store the passwords, then your only solution is to ask 
>> the user to enter them every time.
> 
> I'm probably missing some crucial point here, but with Python being the host 
> environment, why wouldn't the Python "keyring" module provide the hardened 
> storage the OP is seeking?  Each major OS (Windows, OS X and Linux) has an 
> operating system-hosted location for storing sensitive data--such as 
> passwords--so they cannot easily be accessed.  The "keyring" provides a 
> framework for accessing each.
> 
> Absolutely no need to store them in plain text files on any OS.

The advantage of text files is that it makes it clear that the storage is NOT 
secure.  The drawback of other schemes is that they may also be insecure, but 
give the user an illusion of security.  For example, if your script can extract 
the secret, so presumably can any other script or program.  If so, why not use 
a text file?  At least that way it’s clear that the barn door is wide open.

Yes, OSs have some way of storing sensitive data.  If security matters, you 
should look closely at how those things work, and whether they actually deliver 
the security required for whatever data you’re putting there.  You should also 
document clearly how things are stored, so that users of your software can 
independently make that evaluation for themselves.

        paul


_______________________________________________
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/python-win32
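
An added example, not part of the thread and not any poster's code: per-server credentials stored through the `set_password`/`get_password` calls of the third-party `keyring` module discussed above. `SERVICE_PREFIX`, `ACCOUNT`, `MemoryBackend` and the function names are hypothetical, and `MemoryBackend` is a constructed stand-in so the block runs without an OS keyring.

```python
import json

SERVICE_PREFIX = "wmi-client:"  # hypothetical service-name prefix for this tool
ACCOUNT = "credential"          # fixed account name; the real username is in the blob


class MemoryBackend:
    """Constructed stand-in with keyring's set/get_password signatures."""

    def __init__(self):
        self._items = {}

    def set_password(self, service, username, password):
        self._items[(service, username)] = password

    def get_password(self, service, username):
        return self._items.get((service, username))


def os_keyring():
    """Return the real 'keyring' module (pip install keyring), imported lazily."""
    import keyring
    return keyring


def save_credential(backend, server, username, password):
    # keyring looks entries up by (service, username), so the username for
    # each server is stored inside the secret rather than used as the key.
    blob = json.dumps({"username": username, "password": password})
    backend.set_password(SERVICE_PREFIX + server.lower(), ACCOUNT, blob)


def load_credential(backend, server):
    """Return (username, password), or None so the caller prompts the user.

    Nothing here identifies the caller: code that can reach the same backend
    and knows the service name gets the same plaintext back.
    """
    blob = backend.get_password(SERVICE_PREFIX + server.lower(), ACCOUNT)
    if blob is None:
        return None
    try:
        item = json.loads(blob)
        return item["username"], item["password"]
    except (ValueError, KeyError, TypeError):
        return None  # damaged or foreign entry: treat as missing


if __name__ == "__main__":
    store = MemoryBackend()  # swap in os_keyring() to use the OS store
    save_credential(store, "SRV01", "CORP\\admin", "constructed-password")
    print(load_credential(store, "srv01"))
```

With `os_keyring()` as the backend, `keyring.get_keyring()` reports which OS store is in use, which is the detail to document for users.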
