I am working on a project that uses sensitive information (such as a password) and does something with it. The issue is that I do not want that information anywhere accessible on my computer. After doing much research I found the best few solutions here. Here are them in order
Its first recommendation is to encode your python file into pyc however "there are ready-made decompiler tools, and the cracking cost is low"
The other would be to obfuscate but I believe the password would still be in the file or at risk of being found out.
Then there is py2exe- however, I want it to have the ability to run on multiple platforms (macOS and Linux). It could also still be decompiled according to the website above.
The last would be to use cythonize which makes it difficult to crack however feels extremely convoluted- I would also have to recompile for Windows and Unix as well- but it works.
I also tried using input() in my code but I found that what you type in the console is stored as well as displayed on your screen.
Is Cythonize the only way to simply make the code encrypted? Or hide the password in some way?
CodePudding user response:
Never store a password hardcoded into source/binary files. Always get the password from the user. Yes, terminals can leave a trace of the input. To mitigate this there is a special python library; getpass
from getpass import getpass
val =input("Do you want to enter your password secretly? (Y/N)\n")
if val == 'N':
password = input("Enter your password that has good strenght :")
else:
password = getpass("Secret mode!!! Enter your password that has good strenght :")
CodePudding user response:
If by unreadable you mean not readable by the machine, and if you use GitHub, just put yourPythonFile.py in a file called .gitignore.