I built a Python script (bot) for a game and I do plan on building a GUI for it to make it more user friendly. However, I wanted to add some sort of security along with it, something that would only give access to whoever I want, so maybe adding some kind of encryption key to it. I was thinking something along the lines of an encrypted key to unlock the files, with limited use (a few days, for example). I am new when it comes to this specific 'security' topic, so I need help better understanding what my options are and what I can do or search for. Thank you for reading.
After days of searching and trying, I figured the easiest way was to use a web API to check requests. You can use, for example, the Cryptolens Web API or any other API, and your encrypted file will work just fine.
Related
I am working on a project that requires the program to take in text received via SMS. But whenever I look on the internet, I find services like Twilio, which work only through an external number. That is, one may send a text to the Twilio number so that the Python program may receive and process it.
For my purposes, I intend people texting me through my personal number, and Python accessing the body of that text for processing. Is there any way to do this? (PS: I don't have a Mac)
You might want to look into this. It's not in Python, but having a solution in Python isn't that simple, hence not that popular.
As part of our CI/CD we want to add some check to run code on python files and check if there are some secrets in code (like API, passwords etc.).
I saw only programs that do this, and I want to create a Python script that does it.
Does anyone have some suggestion or example for this?
I'm not sure it's exactly what you're looking for, but you can use the GitGuardian API:
The GitGuardian API puts at your fingertips the power to detect more
than 200 types of secrets in any text content, as well as other
potential security vulnerabilities.
py-gitguardian can be used to create integrations to scan various data
sources, from your workstation's filesystem to your favorite chat
application.
You can check the API details here, with all the response codes and expected structures for each method.
Just take a look at the GitGuardian/py-gitguardian GitHub repository.
You can also check this YouTube video that will help you implement this.
Good luck.
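For the "write it as a Python script" part of the question, a local pattern-plus-entropy check can run as a CI step. This is an added example, not code from the posts and not the GitGuardian API or py-gitguardian; the rule set, the entropy threshold and the sample text are constructed, and the AWS key ID is the example value from AWS documentation.

```python
import math
import re
import sys

# Constructed rule set for illustration; hosted scanners ship far more detectors.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_credential": re.compile(
        r"(?i)(?:password|passwd|secret|api_?key|token)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}
ENTROPY_THRESHOLD = 3.0  # bits per character; tune against your own code base
# Constructed sample source file (all values are fake).
SAMPLE = (
    'import os\n'
    'DB_PASSWORD = "changeme"\n'
    'api_key = "q7Zp2LmX9vB4tR8w"\n'
    'AWS_ID = "AKIAIOSFODNN7EXAMPLE"\n'
    'token = os.environ["API_TOKEN"]\n'
)


def shannon_entropy(value: str) -> float:
    """Bits per character: 0 for one repeated character, log2(n) for n distinct ones."""
    probs = [value.count(c) / len(value) for c in set(value)]
    return -sum(p * math.log2(p) for p in probs)


def scan_text(text: str, filename: str = "<memory>") -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            match = pattern.search(line)
            if match is None:
                continue
            if rule == "hardcoded_credential" and shannon_entropy(match.group(1)) < ENTROPY_THRESHOLD:
                continue  # placeholder-like value such as "changeme"
            findings.append((filename, lineno, rule))  # report location only, never the value
    return findings


if __name__ == "__main__":  # CI entry point: scan the files given as arguments
    found = []
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            found += scan_text(fh.read(), path)
    print("\n".join(f"{f}:{n}: {rule}" for f, n, rule in found))
    sys.exit(1 if found else 0)  # non-zero exit fails the pipeline step
```

The entropy filter trades false positives for false negatives: a weak but real password such as "changeme" is skipped, so lower the threshold if that matters more than noise.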
I have been working on developing this analytical tool to help interpret and analyze a database that is bundled within the package. It is very important for us to secure the database in a way that can only be accessed with our software. What is the best way of achieving it in Python?
I am aware that there may not be a definitive solution, but deterrence is what really matters here.
Thank you very much.
Someone has gotten Python and SQLCipher working together by rebuilding SQLCipher as a DLL and replacing Python's sqlite3.dll here.
This question comes up on the SQLite users mailing list about once a month.
No matter how much encryption etc you do, if the database is on the client machine then the key to decrypt will also be on the machine at some point. An attacker will be able to get that key since it is their machine.
A better way of looking at this is in terms of money - how much would a bad guy need to spend in order to get the data. This will generally be a few hundred dollars at most. And all it takes is any one person to get the key and they can then publish the database for everyone.
So either go for a web service as mentioned by Donal or just spend a few minutes obfuscating the database. For example if you use APSW then you can write a VFS in a few lines that XORs the database content so regular SQLite will not open it, nor will a file viewer show the normal SQLite header. (There is example code in APSW showing how to do this.)
Consequently anyone who does have the database content had to knowingly do so.
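The XOR obfuscation described in the answer above, shown with the standard library only. This is an added example, not the APSW sample code the answer refers to: it XORs the whole file and decodes to a short-lived temporary copy, whereas a VFS does the same per page; the key, table and file names are constructed.

```python
import os
import sqlite3
import tempfile

XOR_KEY = 0xA5  # constructed key; it ships inside the program, so this only deters
SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite file


def xor_file(src: str, dst: str, key: int = XOR_KEY) -> None:
    # XOR is its own inverse: the same call obfuscates and restores.
    with open(src, "rb") as fh:
        data = fh.read()
    with open(dst, "wb") as fh:
        fh.write(bytes(b ^ key for b in data))


def run(path: str, sql: str) -> list:
    conn = sqlite3.connect(path)
    try:
        rows = conn.execute(sql).fetchall()
        conn.commit()
        return rows
    finally:
        conn.close()


def query_obfuscated(path: str, sql: str) -> list:
    # Simplification: decode to a temporary copy. A VFS, as in the answer, XORs
    # each read and write, so no plaintext copy of the database touches the disk.
    with tempfile.TemporaryDirectory() as tmp:
        plain = os.path.join(tmp, "plain.db")
        xor_file(path, plain)
        return run(plain, sql)


def demo() -> tuple:
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "bundle.db")
        run(path, "CREATE TABLE readings (name TEXT, value REAL)")
        run(path, "INSERT INTO readings VALUES ('sample', 1.5)")
        xor_file(path, path)  # obfuscate in place
        with open(path, "rb") as fh:
            header_hidden = fh.read(16) != SQLITE_MAGIC
        try:
            run(path, "SELECT * FROM readings")
            stock_opens = True
        except sqlite3.DatabaseError:  # "file is not a database"
            stock_opens = False
        return header_hidden, stock_opens, query_obfuscated(path, "SELECT * FROM readings")
```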
I'm using a Raspberry B+ to create some files that I would like to post on FB and Instagram (my account or any account).
I have a good industrial computer background but not for the "cloud" stuff.
I have seen the libs for Python to connect to Facebook and to Instagram.
(facebook-sdk, python-instagram).
I understand the code of the examples etc...
I'm just missing the context of where should I put this code to be able to interact with these "social media" sites.
Could it work just with a UPLOADER.py?
Or do I need to set up like a webserver? Do I need the Json.simple/google and so on?
I understand if it's a dumb question, but I'm a bit lost...
A few "architectural" directions will do :). I'll get to understand the technical parts by myself...
Thanks in advance!
Cheers,
Mat
You can set them up on "any" OS. Just make sure you have an internet connection. Also note that those libraries won't do anything unless you write the code. So you need to create a lightweight wrapper that would pass credentials and trigger the necessary functions in a certain order. And that's pretty much it.
Could it work just with a UPLOADER.py?
Not sure what you're referring to.
Or do I need to set up like a webserver?
No, you don't. It's not a requirement for the library.
Do I need the Json.simple/google
Take a look at the file called requirements.txt; it provides a set of libraries you need to have in addition to the standard/built-in libs.
First, my question is not about password hashing, but password encryption. I'm building a desktop application that needs to authenticate the user to a third party service. To speed up the login process, I want to give the user the option to save his credentials. Since I need the password to authenticate him to the service, it can't be hashed.
I thought of using the pyCrypto module and its Blowfish or AES implementation to encrypt the credentials. The problem is where to store the key. I know some applications store the key directly in the source code, but since I am coding an open source application, this doesn't seem like a very efficient solution.
So I was wondering how, on Linux, you would implement user specific or system specific keys to increase password storing security.
If you have a better solution to this problem than using pyCrypto and system/user specific keys, don't hesitate to share it. As I said before, hashing is not a solution and I know password encryption is vulnerable, but I want to give the option to the user. Using Gnome-Keyring is not an option either, since a lot of people (including myself) don't use it.
Encrypting the passwords doesn't really buy you a whole lot more protection than storing in plaintext. Anyone capable of accessing the database probably also has full access to your webserver machines.
However, if the loss of security is acceptable, and you really need this, I'd generate a new keyfile (from a good source of random data) as part of the installation process and use this. Obviously store this key as securely as possible (locked down file permissions etc). Using a single key embedded in the source is not a good idea - there's no reason why separate installations should have the same keys.
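The per-installation keyfile with locked-down permissions suggested in the answer above, as an added example (not code from the original posts). It covers key generation and a strict load check on Linux only; the file name is hypothetical, and encrypting the stored password with the loaded key is left to a vetted library.

```python
import os
import secrets
import stat
import tempfile

KEY_BYTES = 32  # 256-bit key, generated once per installation


def create_keyfile(path: str) -> bytes:
    """Generate a random key at install time; fail if a keyfile already exists."""
    key = secrets.token_bytes(KEY_BYTES)
    # O_EXCL refuses to reuse an existing file or symlink; 0o600 = owner read/write only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)
    return key


def load_keyfile(path: str) -> bytes:
    """Load the key, refusing files we do not own or that others can access."""
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "rb") as fh:
        info = os.fstat(fh.fileno())  # check the open descriptor, not the path
        if not stat.S_ISREG(info.st_mode):
            raise PermissionError("keyfile is not a regular file")
        if info.st_uid != os.getuid():
            raise PermissionError("keyfile is owned by another user")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError("keyfile is accessible to group or others")
        key = fh.read()
    if len(key) != KEY_BYTES:
        raise ValueError("keyfile has unexpected length")
    return key


def demo() -> tuple:
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials.key")  # hypothetical file name
        key = create_keyfile(path)
        round_trip = load_keyfile(path) == key
        os.chmod(path, 0o644)  # simulate a keyfile left world-readable
        try:
            load_keyfile(path)
            rejected = False
        except PermissionError:
            rejected = True
        return round_trip, rejected
```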
Try using PAM. You can make a module that automatically un-encrypts the key when the user logs in. This is internally how GNOME-Keyring works (if possible). You can even write PAM modules in Python with pam_python.
Password Safe is designed by Bruce Schneier and open source. It's for Windows, but you should be able to see what they are doing and possibly reuse it.
http://www.schneier.com/passsafe.html
http://passwordsafe.sourceforge.net/
Read this: If you type A-E-S into your code, you're doing it wrong.