Hello Python Programmers!
I have created a fully-functioning user account system using MongoDB to store the usernames and passwords, along with data associated with that account. It works perfectly and I'm extremely happy with it. You can sign in, sign up, reset password, and more. There's only one problem though now.
I worry about users decompiling the source and being able to take the MongoDB login key/string and remotely accessing the database outside of the application. This is dangerous because it could allow for a data leak of usernames and passwords (along with other data) contained within the database. I am unaware of a method to "obfuscate" the string in a secure way to prevent that, or other methods of authenticating the connection to the database.
I could use PyArmor for obfuscation, but even that I don't trust enough. I know PyArmor has been deobfuscated before, and as said by a wise programmer, "Anything that can be read be a computer can be read by humans". With that being said, if someone can deobfuscate it, they can get the string.
On top of this, I also don't know how to authenticate a user login. Once the user succesfully logs in, two variables marked as "LoggedIn" and "LoggedUser" are changed to their respective values. But, as far as I'm aware from a security perspective, these values could be spoofed and then cause easy access to any benefits a logged in user would have... or even spoof being a logged in user and change values from the database on that user.
If anyone knows ways to protect the string and authenticate the user better, please let me know.
Thanks!
Related
I want to make a django site which has no profile authentication or signing in. Anonymous users will be able to make a form that will be potentially open to anyone else on the site.
I'd like to do two things:
Somehow limit access to this form to certain people, without on site profiles. Maybe passwords/encryption keys distributed by email? Or secret one-time links using random URL's to make finding them/crawling them difficult, only accessible to those who know about them?
A way that the user who created the form can delete the form. Again, perhaps email a secret password upon creation to whoever created the form, which can let them delete the form?
Are there any Django plug-ins I should look into, or does anyone have tips about how I should go about this? I'm interested in the shareasecret site, and aspects of security in one time links without profile authentication, however, I'm not sure of best practices and ways to go about this sort of thing.
There is no best practice nor a plugin for this use case. It is a common-or-garden, simple use case which should not demand that much of code and logic that you look for some plugin or best practice. Just draw the picture you imagine, sit and write your code. if you have any exact problems in your code, then ask a question.
Given the specific site you're trying to recreate has an api, it would appear that the details aren't matched against the user, but the post itself. so simply make a model that has the two things that it requires
Query Params
SECRET_KEY: the unique key for this secret.
passphrase (if required): the passphrase is required only if the secret was create with one.
So either I'd suggest use the same method yourself, or just use their api.
I need the user to input their password into my script so that I can then use that password to perform an LDAP operation on their account. It's very simple:
password = getpass.getpass()
ldapconn.simple_bind_s(binddn, password)
Even though the password is never leaving the script and is never displayed in plain text, isn't it still vulnerable to something like a memory dump? What's the best way to secure this password within the script, but still make use of it?
This post is interesting: https://security.stackexchange.com/questions/29019/are-passwords-stored-in-memory-safe
Primarily because the answers confirm my suspicion that passwords stored in RAM are not safe. My question is, how is one supposed to do work that requires that sensitive information be stored in RAM? No one on that post really posts a practical real-world solution, just a lot of a confirmation and details as to why RAM is not safe. Using my short example of an LDAP connection above, what concrete changes could you make to better secure the password variable?
Using my short example of an LDAP connection above, what concrete changes could you make to better secure the password variable?
None. You either:
Need to have the plain text to send to the LDAP API,
In which case you need to have the plain text, which an attacker could get
Or you need encrypted text which you decrypt, which an attacker could get after you decrypt it
Need a password hash to send to the LDAP API
Then the attacker could get the hash and use it. It's effectively a plain password at that point.
The solutions which exist are to have a design which does not involve prompting the user for their password at all, and does not involve sending plain text passwords to other services.
e.g. you have a properly working Kerberos environment with synchronised time, users getting Kerberos tickets at first login, and those tickets being used to authenticate with services without password prompts. Tickets have a limited lifetime and Kerberos replay detection is built in, so that if they are taken from memory they are much less useful than a password.
So the user hits a password prompt once for the entire environment, not once per script they run or service they access, and that password is handled by one centralized, well reviewed, low level OS process.
I've got a question concerning Python and MySQL. I come from a PHP background and I am wondering how the workflow will be in Python. I can't find any good answers on that on the web and hope anybody can help me understanding this thing. So let me quickly explain what i'm stucked with:
In PHP i did a lot of little things in combination with MySQL, meaning loading data from a database and writing to it. As long as the server on which the php files were stored was correctly set up, it was save to do that. The connection to the database including the username, servername, password and database name was saved in the php file. As php files get stored on the server and the source code won't get shown to the user itself, the user couldn't see the authentication data to connect to the database.
Now, I am wondering how that whole concept can be transfered to Python in a secure way so that the user can't see the authentication data in the source text.
I plan to program a Python program in which the user has to authenticate. Let's assume I created a MySQL database on a webserver and in the Python program the user can login. As soon the user clicks on the login-button a connection to the web-database is done. That would mean that in my source code i need to write down the neccessary data like username, password, db-name and server name for that specific database. Here is my Question: That would mean that everybody could see that authentication data which would be very unsecure, wouldn't it? Even if the user has just a .pyc file he could then recompile it and see the standard .py file in which he could see all that very sensitive data.
So I was wondering how to securely hide that authentication data from the user who will later use my Python program.
As a pythoneer who long time ago was working in php, I think I know what you are after.
First of all, the HTML code will not contain any database credentials unless you put them into the HTML view. An easy way of structuring what goes into the HTML views is to use a framework like Django. It handles the MVC of web applications and does connections to databases.
If you want your database credentials to be very safe, you can have your web application ask for them at startup, thus never having them written down in a file. Keep them secure using keypass or similar password storage systems.
This way they are also not checked in to any version control system, where the most common place for database password leakage occurs.
If you are a newbie to webapp programming in python, I would suggest to follow a Django tutorial it should help you get on the track.
This question is a bit far fetched (i don't even know if the way i'm going about doing this is correct).
I have a script that gathers some information on a computer. The intent is to have that script ftp/sftp/any-transfer etc some data to a remote server. This script is intended to be distributed among many people also.
Is it possible to hide the password/user of remote server in the script (or perhaps even the implementation details?). I was thinking of encoding it in some way. Any suggestions?
Also, in compiled languages like java or C, is it safe to just distribute around a compiled version of the code?
Thanks.
The answer is no. You can't put the authentication details into the program and make it impossible for users to get those same authentication details. You can try to obfuscate them, but it is not possible to ensure that they cannot be read.
Compiling the code will not even obfuscate them very much.
One approach to the problem would be to implement a REST web interface and supply each distribution of the program with an API key of some sort. Then set up the program to connect to the interface over SSL using its key and put whatever information it needs there. Then you could track which version is connecting from where and limit each distribution of the program to updating a restricted set of resources on the server. Furthermore you could use server heuristics to guess if an api key has leaked and block an account if that occurs.
Another way would be if all of the hosts/users of the program are trusted, then you could set up user accounts on a server node and each script could authenticate with its own username and password or SSH key. Your server node would then have to restrict access based on what each user is allowed to update. Using SSH key based authentication allows you to avoid leaving the passwords around while still allowing authenticated access to your server.
Just set the name to "username" and password to "password", and then when you give it to your friends, provision an account/credential that's only for them, and tell them to change the script and be done with it. That's the best/easiest way to do this.
to add onto jmh's comments and answer another part of your question, it is possible to decompile the java from the .class byte code and get almost exactly what the .java file contains so that won't help you. C is more difficult to piece back together but again, its certainly possible.
I sometimes compress credentials with zlib and compile to pyo file.
It protect from "open in editor and press ctrl+f" and from not-programmers only.
Sometimes I used PGP cryptography.)
I'm trying to make a website that requires users to enter information about themselves. In order to check to see if this information is correct, it needs to enter the information on another website (that has an entire database of these types of users). It will then return the results found. How do I do such a thing? Where do I start? I tried googling but I couldn't even think of what this would be called?
Not really sure what you're looking to do as it doesn't make much sense. But you need to validate data provided by users on your site against data available in another database that isn't accessible to your app.
This means you need to send the data your users are providing to you to the other service that is providing the validation. Perhaps this other service provides an API to do this, perhaps it just provides a form you can post the data to (with python urllib2).
Without have a lot more information on what you're looking to do I can't even venture to guess whether either of these two things are feasible.