On Sun, Mar 2, 2014 at 5:38 AM, Tim Chase <python.l...@tim.thechases.com> wrote: > That said, if the user has access to the source code, there's nothing > preventing them from changing > > if hash(provided_password) == existing_hash: > do_magic() > > into just > > if True: > do_magic() > > and re-running the program.
They don't necessarily have to have the ability to edit the file. Based on the original description, the problem is that if Python running as that user can read the file (to run it), then so can anything else running as that user. Python doesn't need to be able to change the file. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
