remove remaining hex code in Pyc file - python

I have a project to send, where basically I have to send an email using python.
My code is complete so I was about to send it.
Because of the fact the module smtplib needs my email log in, I compiled my code so people could not see my email and password; however, even compiled, when we look at the hex code, we can still see my email and password (and some print).
Is there a way to compile so we have no information left after?
Thank you very much for your help and time !

Generally it is a bad idea to hold sensitive information in the code. There is no uniformly best way to do it, but common practices to store credentials include:
in a separate code file not in your code base (local_settings.py, added to .gitignore)
in a separate config file outside of the project (e.g. json or yml)
environment variables (read using os.environ)
command line parameters
request as user input
a combination of all above
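An added example, not part of the original question or answer: the first function shows why compiling does not help (a `.pyc` body is the marshalled code object, with string constants intact), and the second loads smtplib credentials from the environment or a private config file instead. The names `SMTP_USER`, `SMTP_PASSWORD`, the JSON keys and the sample password are assumptions made for this example.

```python
import json
import marshal
import os
import stat


def literal_survives_compilation(source: str, literal: str) -> bool:
    """Compile source as CPython does for a .pyc and look for the literal."""
    code = compile(source, "<constructed>", "exec")
    # A .pyc is a short header followed by marshal.dumps(code): string
    # constants are serialized as-is, so compiling hides nothing.
    return literal.encode("utf-8") in marshal.dumps(code)


def load_smtp_credentials(env=None, config_path=None):
    """Return (user, password) from the environment, else a private JSON file.

    SMTP_USER / SMTP_PASSWORD and the JSON keys are names chosen for this example.
    """
    env = os.environ if env is None else env
    user, password = env.get("SMTP_USER"), env.get("SMTP_PASSWORD")
    if user and password:
        return user, password
    if config_path is None:
        raise RuntimeError("no credentials in environment and no config file given")
    # Refuse a secrets file that group or other users can access (POSIX modes).
    if os.stat(config_path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{config_path}: restrict it with chmod 600")
    with open(config_path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    return cfg["user"], cfg["password"]


if __name__ == "__main__":
    # Constructed sample: a hard-coded password stays readable after compiling.
    sample = 'PASSWORD = "constructed-p@ss"\n'
    print(literal_survives_compilation(sample, "constructed-p@ss"))
```

The returned pair is what would be passed to `smtplib.SMTP.login(user, password)`; the permission check relies on POSIX file modes.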

Related

Data storage for standalone python application

I want to make a python program (with a PyQt GUI, but I don't know whether that is relevant) that has to save some information that I want to store even when the program closes. Example for information I want to store:
The user can search for a file in a file dialog window. I want to start the file dialog window in the previously used directory, even if the program is closed in between file searches.
The user can enter their own categories to sort items, building up on some of my predefined categories. These new categories should be available the next time the program starts.
Now I'm wondering what the proper way to store such information is. Should I use pickle? A proper database (I know a tiny bit of sqlite3, but would have to read up on that)? A simple text file that I parse myself? One thing for data like in example 1., another for data like in example 2.?
Also, whatever way to store it I use, where would I put that file?
I'm asking in the context that I might want to later make my program available to others as a standalone application (using py2app, py2exe or PyInstaller).
Right now I'm just saving a pickle file in the directory that my .py file is in, like this answer recommends, but the answer also specifically mentions:
for a personal project it might be enough.
(emphasis mine)
Is using pickle also the "proper, professional" way, if I want to make the program available to other people as a standalone application?
The choice depends on your approach to the data you store. Which is yours?
user should be able to alter it without usage of my program
user should be prevented from altering it with program other than my program
If the first, you might consider deploying the JSON open-standard file format, for which Python has a ready library called json. In effect you get text (which you can save to a file) which is human-readable and can be edited in a text editor. There also exist JSON file viewers and editors which make viewing/editing of JSON files easier.
I think SQLite3 is the better solution in this case as Moldovan commented.
There is a problem with pickle: sometimes the pickling format can change across Python versions, and there are greater advantages to using sqlite3.

Interfacing a QR code recognition to a django database

I'm coming to you with the following issue:
I have a bunch of physical boxes onto which I still stick QR codes generated using a python module named qrcode. In a nutshell, what I would like to do is every time someone wants to take the object contained in a box, he scans the QR code with his phone, then takes it and puts it back when he is done, not forgetting to scan the QR code again.
Pretty simple, isn't it?
I already have a django table containing all my objects.
Now my question is related to the design. I suspect the easiest way to achieve that is to have a POST request link in the QR code which will create a new entry in a table with the name of the object that has been picked or put back, the time (I would like to store this information).
If that's the correct way to do, how would you approach it? I'm not too sure I see how to make a POST request with a QR code. Would you have any idea?
Thanks.
PS: Another alternative I can think of would be to put a link in the QR code to a form with a dummy button the user would click on. Once clicked, the button would update the database. But I would find a solution without any button more convenient...
The question boils down to a few choices: (a) what data do you want to encode into the QR code; (b) what app will you use to scan the QR code; and (c) how do you want the app to use / respond to the encoded data.
If you want your users to use off-the-shelf QR code readers (like free smartphone apps), then encoding a full URL to the appropriate API on your backend makes sense. Whether this should be a GET or POST depends on the QR code reader. I'd expect most to use GET, but you should verify that for your choice of app. That should be functionally fine, if you don't have any concerns about who should be able to scan the code.
If you want more control, e.g. you'd like to keep track of who scanned the code or other info not available to the server side just from a static URL request, you need a different approach. Something like, store the item ID (not URL) in the QR code; create your own simple QR code scanner app (many good examples exist) and add a little extra logic to that client, like requiring the user to log in with an ID + password, and build the URL dynamically from the item ID and the user ID. Many security variations possible (like JWT token) -- how you do that won't be dictated by the contents of the QR code. You could do a lot of other things in that QR code scanner / client, like add GPS location, ask the user to indicate why or where they're taking the item, etc.
So you can choose between a simple way with no controls, and a more complex way that would allow you to layer in whatever other controls and extra data you need.
If security is not a big concern: an API with a simple get method that takes as argument the object id and I will presume you have the code to make sure if the object is given as taken it will be switched to returned.
And why not post? POST needs headers that you can't include in qr unless you have a dedicated app, so GET and the ability to use example.com/api/leaseandret?id=12345 is a better alternative that allows for better usage with a QR.
A summary of the methods*
* A note here is that GET is not forbidden from being used to modify data and send data to a server; GET is exclusively for getting data from a REST purist standpoint.

I cannot calculate a working AWS signature version 4 (hexadecimal string) for curl commands to work to test the REST API

I have never been able to get Rest APIs to completely work with AWS. The error messages I have seen have been about the time not being correct or the command not being recognized (e.g., list-users). I have verified the "version" was appropriate for the command with AWS's website documentation.
I am trying to use curl with Linux to list the users or instances in my AWS account. I have a problem when I run it. My current error, that I would like to focus on, is "request signatures calculated does not match the signature provided." I went through the process of creating a signature carefully. It wasn't that surprising that it did not work given the hours of trouble and the seemingly many potential pitfalls in the tedious task of creating a signature.
I used this link to generate the hexadecimal string for the signature:
http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python
I analyzed the output of the signatureKey using a modification of the Python code in the above link. The result is not hexadecimal nor alphanumeric. The result is a combination of special non-alphabet, non-numeric symbols and alphabet letters. I tried to work around this problem by using import binascii and binascii.hexlify. I was able to get a hexadecimal string from otherwise strictly adhering to the sample of Python code from the above link. I tend to think my signatureKey is not right because of this binascii work that I had to do. But what did I do wrong? How is that Python code supposed to calculate a signature?
Alternatively, are there thorough directions not written by Amazon to create a signature key? The process is not simple and seemingly error prone. I could start over with creating a signature if someone cannot clearly tell me how to create a signature. Amazon's forums have few postings related to this topic. I'd prefer to create the signature with Python. If someone recommends Ruby (an accessible language for me), I could try something like that.
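An added example, not part of the original post and not AWS's sample code: a Signature Version 4 calculation for a body-less GET using only the standard library. It shows that the derived signing key is 32 raw bytes (which print as non-alphanumeric symbols) and that only the final signature is hex-encoded; the host, query string, timestamp and secret used with it are constructed values for illustration.

```python
import hashlib
import hmac


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    """Derive the SigV4 signing key; the result is raw bytes, not text.

    Each step feeds the previous raw digest in as the HMAC key. Hex-encoding
    an intermediate value and using the hex text as a key gives a different,
    rejected signature.
    """
    k_date = _hmac(("AWS4" + secret).encode("utf-8"), date)  # date = YYYYMMDD
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def sign_get(secret, amz_date, region, service, host, query):
    """Return the hex signature for 'GET /?<query>' with an empty body.

    amz_date is YYYYMMDD'T'HHMMSS'Z'; query must already be sorted by
    parameter name and URI-encoded.
    """
    date = amz_date[:8]
    canonical_request = "\n".join([
        "GET", "/", query,
        f"host:{host}\nx-amz-date:{amz_date}\n",  # canonical headers block
        "host;x-amz-date",                        # signed headers
        hashlib.sha256(b"").hexdigest(),          # hash of the empty payload
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date,
        f"{date}/{region}/{service}/aws4_request",
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    key = signing_key(secret, date, region, service)
    # Only this last HMAC is hex-encoded; it goes in the Authorization header.
    return hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    # Constructed inputs; the secret is a placeholder, not a real key.
    print(sign_get("constructed-secret", "20240101T000000Z", "us-east-1", "iam",
                   "iam.amazonaws.com", "Action=ListUsers&Version=2010-05-08"))
```

The same `x-amz-date` value and `host` must be sent as headers on the curl request, and the timestamp must be current when the request is made.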

Mac Mail install default signature

I'm trying to create a python script which installs a default signature for a Mac Mail account. So far, my script successfully installs the signature by manipulating ubiquitous_AllSignatures.plist and creating a corresponding ubiquitous_<SignatureId>.mailsignature. Both of these files are at ~/Library/Mobile Documents/com~apple~mail/Data/V3/MailData/Signatures/. The problem is the installed signature is not recognized by Mail as the default signature, and in order to use the signature you have to manually select it in the signature dropdown while composing an email.
I've searched the file system long and hard to find a relevant plist which dictates the 'default' signature behavior for a given account. I have grep'd for the Signature ID and the only place I can see it other than the places mentioned above is in the sqlite files in ~/Library/Application Support/CloudDocs/session/db/. I don't think this is a good sign for the feasibility of my default signature install.
I understand this is a very specialized/weird/hacky problem, but I'm looking for some insight into the underlying mechanism controlling the default signature for an account in Mac Mail, or at least confirmation of my suspicions that it's impossible to do this without the consent of Mail. Any feedback is much appreciated.
Ok I realize this is incredibly obscure, but because I have been helped greatly by self-answers to obscure questions I'm gonna try to help anyone who may face this problem in the future.
The 'default' signature is indeed set in a plist. This plist is ~/Library/Containers/com.apple.mail/Data/Library/Preferences/com.apple.mail.plist. Be wary, this is a binary plist, which is different and much less readable than an xml plist. But fear not, you can transform back and forth b/w binary and xml with the plutil utility. You can access this utility in python with biplist, hooray! Now it's just a matter of manipulating the SignaturesSelected dictionary within the plist by adding the signature id (string) for the account id (key). And you will have set your default signature!

two questions (RFC822, login info) about sending email via python

1 -
In my email-sending script, I store spaced-out emails in a string, then I use ", ".join(to.split()). However, it looks like the script only sends to the 1st email - is it something to do with RFC822 format? If so, how can I fix this?
2 -
I feel a bit edgy having my password visible in my script. Is there a way to retrieve this info from cookies or saved passwords from Firefox?
Thanks in advance!
Use ', '.join() for the list in the To: or Cc: header, but the headers are only for show. What determines where the mail actually goes is the RCPT envelope. Assuming you're using smtplib, that's the second argument:
connection.sendmail(senderaddress, to.split(), mailtext)
2: it's possible, but far from straightforward. Browsers don't want external programs looking at their security-sensitive stored data.
For the second part of your question, you could take a look at the netrc module (http://docs.python.org/library/netrc.html).
This isn't much better than having the password in the script, but it does allow the script to be readable for anyone using the computer, while you have the password in a file in your home directory that is only readable by you.
