Passing login credentials into a Python script for a website. However, I want the credentials to not be stored as plaintext in the .py files. How can I securely store the login credentials in a .py file so it can use them to log in? Answer: You can use an environmental file in your project root directory and load in the
Tag: security
I have problems with Python sqlite3 library, for protections against SQL Injections
I’m trying to prevent SQL injections with code in Python, using library sqlite3. I went across all websites in existence concerning this issue, but none of them are fixing my problem. This statement here is executed via an email_in_use(email:str) function, to check if an email does exist in the creditentials table (I know I could use count to do
Security & Pyscript
I am coding a Python editor, which can execute Python code and return the output. My initial idea was to code a backend service for it, that will run the Python script and return the output. However with the release of Pyscript, I am wondering if I can do it in the frontend. One of my biggest concerns is the
Is distributing python source code in Docker secure?
I am about to decide on a programming language for the project. The requirements are that some of the customers want to run the application on isolated servers without external internet access. To do that I need to distribute the application to them and cannot use a SaaS approach running on, for example, my cloud (what I’d prefer to do…). The problem is that if
hash function in Python 3.3 returns different results between sessions
I’ve implemented a BloomFilter in python 3.3, and got different results every session. Drilling down this weird behavior got me to the internal hash() function – it returns different hash values for the same string every session. Example: —– opening a new python console —– Why is this happening? Why is this useful? Answer Python uses a random hash seed
Encrypted and secure docker containers
We all know situations when you cannot go open source and freely distribute software – and I am in one of these situations. I have an app that consists of a number of binaries (compiled from C sources) and Python code that wraps it all into a system. This app used to work as a cloud solution so users had
Mark data as sensitive in python
I need to store a user’s password for a short period of time in memory. How can I do so yet not have such information accidentally disclosed in coredumps or tracebacks? Is there a way to mark a value as “sensitive”, so it’s not saved anywhere by a debugger? Answer Edit I have made a solution that uses ctypes (which
Securely Erasing Password in Memory (Python)
How do you store a password entered by the user in memory and erase it securely after it is no longer needed? To elaborate, currently we have the following code: After calling the login method, what do we need to do to fill the area of memory that contains password with garbled characters so that someone cannot recover the password