Hello.
We have created some programs in Python that are to be distributed
around. The programs will be made into .exe files by py2exe. However,
in the source there are certain web addresses, logins and passwords that
the programs use, that we would like to keep away from the end users.
They will use them through the program, but we would like them not to be
extracted and used separately for other purposes.
Is the compiling by py2exe enough? I have opened all the files in the
directory py2exe has made, and have not found anything I could read in
clear text. However, that does not mean that others can not. Is it
possible to extract these passwords, addresses and logins from the
source code? If py2exe is not enough, are there some other simple tools
we can use to hide the source from the end users?
Thanks in advance.
Someone can sniff the client for the information it sends/receives, so
it's possible to extract the info that way.
On 3 May 2005 05:03:00 -0700, Terje Johan Abrahamsen <te*****@gmail. com> wrote: We have created some programs in Python that are to be distributed around. The programs will be made into .exe files by py2exe. However, in the source there are certain web addresses, logins and passwords that the programs use, that we would like to keep away from the end users. They will use them through the program, but we would like them not to be extracted and used separately for other purposes.
If your program can access these details, then a sufficiently
determined attacker can access them too, regardless of what you do.
--
Cheers,
Simon B, si***@brunningo nline.net, http://www.brunningonline.net/simon/blog/
Simon Brunning wrote: On 3 May 2005 05:03:00 -0700, Terje Johan Abrahamsen
<te*****@gmail. com> wrote: We have created some programs in Python that are to be distributed around. The programs will be made into .exe files by py2exe.
However, in the source there are certain web addresses, logins and passwords
that the programs use, that we would like to keep away from the end
users. They will use them through the program, but we would like them not to
be extracted and used separately for other purposes.
If your program can access these details, then a sufficiently determined attacker can access them too, regardless of what you do.
Yes, I assume so. Luckily it is not national secrets we are trying to
hide. But, how does py2exe compare with for example a program written
in a compiled language like C++? Is it easier to find the info in a
py2exe .exe than a c++ compiled c++?
Terje Johan Abrahamsen wrote: If your program can access these details, then a sufficiently determined attacker can access them too, regardless of what you do.
Yes, I assume so. Luckily it is not national secrets we are trying to hide. But, how does py2exe compare with for example a program written in a compiled language like C++? Is it easier to find the info in a py2exe .exe than a c++ compiled c++?
It's not the exe file you need to be concerned about, it's the pyc files
that are created with it. I imagine the strings will be in plain text
form, just like compiled C++.
As others have pointed out, it would be impossible to prevent an
attacker from discovering information inside the app. The best you can
do is obfuscate the strings somehow and 'un-obfuscate' them when the app
runs. That way they at least won't be obvious. Take a look at my
signature for an example!
Will McGugan
-- http://www.willmcgugan.com
"".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-84)%26) for c in "jvyy*jvyyzpthtna^pbz" ] )
"Terje Johan Abrahamsen" <te*****@gmail. com> writes: Hello.
We have created some programs in Python that are to be distributed around. The programs will be made into .exe files by py2exe. However, in the source there are certain web addresses, logins and passwords that the programs use, that we would like to keep away from the end users. They will use them through the program, but we would like them not to be extracted and used separately for other purposes.
Is the compiling by py2exe enough? I have opened all the files in the directory py2exe has made, and have not found anything I could read in clear text. However, that does not mean that others can not. Is it possible to extract these passwords, addresses and logins from the source code? If py2exe is not enough, are there some other simple tools we can use to hide the source from the end users?
Thanks in advance.
Putting passwords in your program is a bad idea, with or without
Python and py2exe. Even if you wrote the program in obfuscated C, and
stripped comments etc, an attacker could use "strings" to search for
candidate passwords. Or just start at the beginning of the program
and use each byte as a candidate starting char.
Since you are working on MS Windows, consider getting:
M. Howard, D. LeBlanc, "Writing Secure Code", Microsoft Press, 2002.
-- ha************@ boeing.com
6-6M21 BCA CompArch Design Engineering
Phone: (425) 294-4718
On Tue, May 03, 2005 at 06:01:33AM -0700, Terje Johan Abrahamsen wrote: Simon Brunning wrote: On 3 May 2005 05:03:00 -0700, Terje Johan Abrahamsen <te*****@gmail. com> wrote: We have created some programs in Python that are to be distributed around. The programs will be made into .exe files by py2exe. However, in the source there are certain web addresses, logins and passwords that the programs use, that we would like to keep away from the end users. They will use them through the program, but we would like them not to be extracted and used separately for other purposes.
If your program can access these details, then a sufficiently determined attacker can access them too, regardless of what you do.
Yes, I assume so. Luckily it is not national secrets we are trying to hide. But, how does py2exe compare with for example a program written in a compiled language like C++? Is it easier to find the info in a py2exe .exe than a c++ compiled c++?
About the same. C++ programs do have their string constants as cleartext
in the binary too.
Personally I'd be more concerned about the network side (use https and
verify the server certificate), and debugging tools that might be able
to intercept your traffic anyway.
Andreas
I suggest you use base64-encoded strings,
something like:
import base64
password = 'aGlkZGVuX3Bhc3N3b3Jk\n'
password = base64.b64decode(password).decode("ascii")
On 2005-05-03, mahasamatman <vl************ ***@gmail.com> wrote: I suggest you use base64-encoded strings, something like: password = 'aGlkZGVuX3Bhc3N3b3Jk\n' password = base64.b64decode(password).decode("ascii")
That will delay the attacker for a few minutes.
--
Grant Edwards, grante at visi.com
Yow! Do you like "TENDER VITTLES"?
Grant Edwards wrote: On 2005-05-03, mahasamatman <vl************ ***@gmail.com> wrote: password = base64.b64decode(password).decode("ascii")
That will delay the attacker for a few minutes.
True, but a script kiddie that only knows about the 'strings' program
will be forever baffled :)
Though deprecated, I think the enigma cipher (rotor) is still present in
python - it could find its use in simple cases like this.
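
An added example, not part of the original thread: a pre-release audit that compiles three constructed modules and checks whether a known credential is recoverable from the bytecode, either as-is or under the base64 and ROT13 encodings suggested above. The names `SECRET`, `SOURCES`, `pyc_payload`, `encoded_forms`, `audit` and `audit_all` are hypothetical, and the sample sources are constructed for illustration.

```python
import base64
import codecs
import marshal

# Constructed value: it is what the base64 string quoted in the thread decodes to.
SECRET = "hidden_password"

# Constructed module sources: the same credential stored three ways.
SOURCES = {
    "plain": 'PASSWORD = "hidden_password"\n',
    "base64": 'import base64\nPASSWORD = base64.b64decode("aGlkZGVuX3Bhc3N3b3Jk")\n',
    "rot13": 'import codecs\nPASSWORD = codecs.decode("uvqqra_cnffjbeq", "rot_13")\n',
}


def pyc_payload(source):
    """Marshalled code object: the part of a .pyc file that follows the header."""
    return marshal.dumps(compile(source, "sample.py", "exec"))


def encoded_forms(secret):
    """Byte patterns for the secret itself and its trivially reversible encodings."""
    raw = secret.encode("ascii")
    return {
        "plain": raw,
        "base64": base64.b64encode(raw),
        "rot13": codecs.encode(secret, "rot_13").encode("ascii"),
    }


def audit(blob, secret):
    """Return the names of the encodings under which `secret` appears in `blob`."""
    return [name for name, needle in encoded_forms(secret).items() if needle in blob]


def audit_all():
    """Audit each constructed build and report what a release check would flag."""
    return {label: audit(pyc_payload(src), SECRET) for label, src in SOURCES.items()}


if __name__ == "__main__":
    for label, found in audit_all().items():
        print(f"{label:7} -> secret recoverable as: {found}")
```

Every variant is flagged, which is the thread's point: compiling or encoding a credential changes how it looks in the file, not whether it ships with the program.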