#! rnews 1990 Newsgroups: comp.lang.python Path: news.xs4all.nl!newsspool.news.xs4all.nl!transit.news.xs4all.nl!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!nntp.abs.net!attws2!ip.att.net!NetNews1!xyzzy!nntp From: Harry George <[EMAIL PROTECTED]> Subject: Re: Py2Exe security X-Nntp-Posting-Host: cola2.ca.boeing.com Content-Type: text/plain; charset=us-ascii Message-ID: <[EMAIL PROTECTED]> User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4 Lines: 35 Sender: [EMAIL PROTECTED] Organization: The Boeing Company References: <[EMAIL PROTECTED]> Mime-Version: 1.0 Date: Tue, 3 May 2005 13:18:19 GMT Xref: news.xs4all.nl comp.lang.python:375624
"Terje Johan Abrahamsen" <[EMAIL PROTECTED]> writes: > Hello. > > We have created some programs in Python that are to be distributed > around. The programs will be made into .exe files by py2exe. However, > in the source there are certain webadresses, logins and passwords that > the programs use, that we would like to keep away from the end users. > They will use them thru the program, but we would like them not to be > extracted and used separately for other purposes. > > Is the compiling by py2exe enough? I have opened all the files in the > directory py2exe has made, and have not found anything I could read in > clear text. However, that does not mean that others can not. Is it > possible to extract these passwords, adresses and logins from the > sourcecode? If py2exe is not enough, is there some other simple tools > we can use to hide the source from the endusers? > > Thanks in advance. > Putting passwords in your program is a bad idea, with or without Python and py2exe. Even if you wrote the program in obfuscated C, and stripped comments etc, an attacker could use "strings" to search for candidate passwords. Or just start at the beginning of the program and use each byte as a candidate starting char. Since you are working on MS Windows, consider getting: M. Howard, D. LeBlanc, "Writing Secure Code", Microsoft Press, 2002. -- [EMAIL PROTECTED] 6-6M21 BCA CompArch Design Engineering Phone: (425) 294-4718 -- http://mail.python.org/mailman/listinfo/python-list
