Re: [Tutor] passwords in scripts
> an SSH implementation for them exists, but it is not > worth my while trying to find out, because I will not > be allowed to install anything on them (or even > suggest it). So I access them using telnetlib: Hmm, they won;t lket you install a secure access tool but are happy to let you in with a known security horror in the shapoe of telnet An interesting approach to sys admin... > But surely my problem is a very common one. Every > web-app must supply a username and password to make a > connection to its backend database, for example. command line arguments? $ startapp -d mydb -l user/password & That way they are 1) kept secret(especially if you turn shell history off ;-) and 2) can be changed every time you restart the server app and 3) you can have production and test databases running simultaneously... Alan G ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Searching for email id in MySQL giving wrong results
John Joseph wrote:
> Hi
>Thanks to Allan,Danny,Pujo
>I did my simple python script for MySQL , the
> scripts add the data , and search for the data and
> display
> I have problem in searching email id ,ie
> If search for the [EMAIL PROTECTED] , I will not get any
> result , Guidance and advice needed for the reason
> for this behavior
Does it work when you search for other data such as name or phone?
Can you show the output from a short run where you add a contact,
display the data and search for an email?
Kent
> I had added my script in this mail
> Thanks
> Joseph John
>
> *
>
> """ This program is for to learn
> how to enter data to MySQL using python
> How to search
> not using OOP
>
> Have problem in searching email-id
> Why I do not get correct results when
> searching email id
>"@" string search containg "@" gives empty
> results
>
> """
>
>
>
> import MySQLdb
>
> def selecter():
> choice = None
> while choice != "0":
> print \
> """
> Data Base Entry for the Testing Env
> 0 - Quit
> 1 - Enter the Data
> 2 - Display The data
> 3 - Search The Company
> """
> choice = raw_input("Choice :")
> print
>
> if choice == "0":
> print "Good Bye ..."
> elif choice == "1":
> dataentry()
>
> elif choice == "2":
> datashow()
> elif choice == "3":
> datasearch()
>
>
>
> def dataentry():
> name = raw_input("Enter the name of the company ")
> email_id = raw_input("\n Enter the email ID : ")
> phone_no = raw_input("Enter the Phone No : ")
> fax_no = raw_input("\n Enter the fax no : ")
>
> db = MySQLdb.connect(host="localhost",user = "john",
> passwd = "asdlkj", db = 'learnpython')
> entry = db.cursor()
> #entry.execute("""INSERT INTO contact
> """,(name,email_id,phone_no,fax_no,))
> entry.execute("""INSERT INTO
> contact(name,email_id,phone_no,fax_no) VALUES
> (%s,%s,%s,%s)""",(name,email_id,phone_no,fax_no,))
> print name , email_id , fax_no, phone_no
>
>
>
>
> def datashow():
> db = MySQLdb.connect(host="localhost",user = "john",
> passwd = "asdlkj", db = 'learnpython')
> entry = db.cursor()
> entry.execute("SELECT * from contact")
> p = entry.fetchall()
> print p
>
> def datasearch():
> print "Do U want to search by Name , email id , phone
> or fax "
> choice = None
> while choice != "0":
> print \
> """
>U want to search the contacts by
> 0 - Quit
> 1 - Name
> 2 - email_id
> 3 - phone
> 4 - fax
> """
> choice = raw_input("Choice :")
> print
>
> if choice == "0":
> print "Good Bye ..."
> elif choice == "1":
> searchbyname()
>
> elif choice == "2":
> searchbyemail()
>
> elif choice == "3":
> searchbyphone()
> elif choice == "4":
> searchbyfax()
>
> def searchbyname():
> s_name = raw_input("Enter the name to be searched ")
> db = MySQLdb.connect(host="localhost",user = "john",
> passwd = "asdlkj", db = 'learnpython')
> entry = db.cursor()
> entry.execute("""SELECT * FROM contact WHERE name =
> %s""", (s_name,))
> p = entry.fetchall()
> print p
>
> def searchbyemail():
> s_email = raw_input("Enter the Email to be searched
> ")
> db = MySQLdb.connect(host="localhost",user = "john",
> passwd = "asdlkj", db = 'learnpython')
> entry = db.cursor()
> entry.execute("""SELECT * FROM contact WHERE email_id
> = %s""", (s_email,))
> p = entry.fetchall()
> print p
>
>
> def searchbyphone():
> s_phone= raw_input("Enter the Phone no to be
> searched ")
> db = MySQLdb.connect(host="localhost",user = "john",
> passwd = "asdlkj", db = 'learnpython')
> entry = db.cursor()
> entry.execute("""SELECT * FROM contact WHERE phone_no
> = %s""", (s_phone,))
> p = entry.fetchall()
> print p
>
>
>
> def searchbyfax():
> s_fax = raw_input("Enter the FAX no to be searched
> ")
> db = MySQLdb.connect(host="localhost",user = "john",
> passwd = "asdlkj", db = 'learnpython')
> entry = db.cursor(
[Tutor] Python on Fedora
FC4 (the latest finished one) has python 2.4.1 as part of the distro (I think RedHat actually use python for some of their scripts). Just pull up a terminal and type 'python' and you should get the prompt... If you _are_ running FC4 and have more probs, feel free to drop me a line. at matt at mwilliams.org and I can try and help (since I am sat in front of an FC4 machine). WRT EMACS, I've never tried to get it going I use Eclipse and PyDev, or else SPE is worth a look. HTH, Matt ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] passwords in scripts
Hi Ivan I'm not sure I understand what you are saying here. Surely if the file is compiled it can just run (and will only need to be RE-compiled when I have to change the code (such as when one of the servers has their password changed). I would never need to de-compile, because I'll just keep a copy of the file on a memory stick, edit it there, compile it and replace the current compiled file with the newly compiled file. Not that I know anything about compiling Python programs, I just want to know if this is a possibility Thanks Ben Hi Ben, Perhaps I've been too much long-winded talking about the compiling issue,and too rash elsewhere.What I would say,essentially,it's possible to split the script in two modules,the first containing the passwords and a crypting/decrypting routine,and the second which could perform the checking operations on the logs.The second should need the passwords stored in the first to check them,so in module2,for example,you would import module1.This would allow the module with the passwords to be attached just at the needed moment then to be removed. Otherwise it applies the same if it's preferred.to backup and replace just a part of the script instead of everything,so it's possibile to modify the passwords or the script itself separately.It all depends by how you like to work with it. However I must establish that the access via telnet is the main security concern,and I agree to what Danny previously said about.The problem here is much matter of dealing with admins. Cheers, Ivan ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Why doesn't this work?
on a barely related note, sets (mutable [set] and immutable [frozenset]) were added to Python beginning in version 2.3... so don't work too hard on your class! you may want to try something more interesting like: write a class which let's you keep track of time and does base 60 (sexagesimal / hexasegimal) math: >>> import myTime >>> c = myTime.myTime(10,30) >>> print c 10:30 >>> d = myTime.myTime(8,45) >>> print c + d 19:15 even better, also allow the constructor to take a string '10:30' in addition to the integers, and validate the parameters as necessary. (this is one of the exercises for "Core Python".) enjoy! -- wesley - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "Core Python Programming", Prentice Hall, (c)2006,2001 http://corepython.com wesley.j.chun :: wescpy-at-gmail.com cyberweb.consulting : silicon valley, ca http://cyberwebconsulting.com ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] passwords in scripts
On Tue, 24 Jan 2006, Ivan Furone wrote:
> I'm not sure I understand what you are saying here. Surely if the file
> is compiled it can just run (and will only need to be RE-compiled when I
> have to change the code (such as when one of the servers has their
> password changed).
Hi Ivan,
But the issue is that hardcoding passwords in a program doesn't really
protect that password from exposure. For example:
##
bash-3.00$ cat test.py
message = "hello, this is a test"
bash-3.00$ python
Python 2.3.3 (#1, Nov 7 2005, 22:36:37) [C] on sunos5
Type "help", "copyright", "credits" or "license" for more information.
>>> import test
>>> ^D
###
Doing the import will cause test.py to be compiled to 'test.pyc':
##
bash-3.00$ ls -l test.pyc
-rw-r--r-- 1 dyoo other143 Jan 24 10:55 test.pyc
##
But watch what happens here:
##
bash-3.00$ strings test.pyc
hello, this is a testN(
message(
message(
test.pys
##
Our secret string shows right up!
This works even if we're talking about C code:
/**/
bash-3.00$ cat test.c
#include
int main(int argc, char** argv) {
char *msg = "hello";
}
bash-3.00$ gcc test.c
bash-3.00$ strings a.out
hello
/**/
So the fact that we're "compiling" code doesn't do anything significant to
add security: those string literals are ripe for the taking for anyone
competent enough to use the 'strings' command. So that's what we're
trying to warn you about. Compiling code is not a magic wand to obscure
secrets.
Hope this helps!
___
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
[Tutor] More Doubt with classes
Greetings:
I took Edgar's script and added some more people. Here is the script as
I ran it.
class Person:
'''Represents a person.'''
population = 0
def __init__(self, name):
'''Initializes the person's data.'''
self.name = name
print '(Initializing %s)' % self.name
# When this person is created, he/she
# adds to the population
Person.population += 1
def __del__(self):
'''I am dying.'''
print '%s says bye.' % self.name
Person.population -= 1
if Person.population == 0:
print 'I am the last one.'
else:
print 'There are still %d people left.' % Person.population
def sayHi(self):
'''Greeting by the person.
Really, that's all it does.'''
print 'Hi, my name is %s.' % self.name
def howMany(self):
'''Prints the current population.'''
print self.name + ' says: ',
if Person.population == 1:
print 'I am the only person here.'
else:
print 'We have %d persons here.' % Person.population
swaroop = Person('Swaroop')
swaroop.sayHi()
swaroop.howMany()
kalam = Person('Abdul Kalam')
kalam.sayHi()
kalam.howMany()
butch = Person('Butch Cassidy')
butch.sayHi()
butch.howMany()
gerald = Person('Gerald McBoingBoing')
gerald.sayHi()
gerald.howMany()
tony = Person('Tony Danza')
tony.sayHi()
tony.howMany()
swaroop.howMany()
kalam.howMany()
butch.howMany()
gerald.howMany()
tony.howMany()
When I ran it on my system (Windows XP Professional), I got an error as
the script was cleaning up. Here is the output.
(Initializing Swaroop)
Hi, my name is Swaroop.
Swaroop says: I am the only person here.
(Initializing Abdul Kalam)
Hi, my name is Abdul Kalam.
Abdul Kalam says: We have 2 persons here.
(Initializing Butch Cassidy)
Hi, my name is Butch Cassidy.
Butch Cassidy says: We have 3 persons here.
(Initializing Gerald McBoingBoing)
Hi, my name is Gerald McBoingBoing.
Gerald McBoingBoing says: We have 4 persons here.
(Initializing Tony Danza)
Hi, my name is Tony Danza.
Tony Danza says: We have 5 persons here.
Swaroop says: We have 5 persons here.
Abdul Kalam says: We have 5 persons here.
Butch Cassidy says: We have 5 persons here.
Gerald McBoingBoing says: We have 5 persons here.
Tony Danza says: We have 5 persons here.
Butch Cassidy says bye.
There are still 4 people left.
Abdul Kalam says bye.
There are still 3 people left.
Gerald McBoingBoing says bye.
There are still 2 people left.
Swaroop says bye.
There are still 1 people left.
Tony Danza says bye.
Exception exceptions.AttributeError: "'NoneType' object has no attribute
'population'" in > ignored
Surprisingly, when I comment out the statements referencing the 'tony'
instance, the error goes away.
(Initializing Swaroop)
Hi, my name is Swaroop.
Swaroop says: I am the only person here.
(Initializing Abdul Kalam)
Hi, my name is Abdul Kalam.
Abdul Kalam says: We have 2 persons here.
(Initializing Butch Cassidy)
Hi, my name is Butch Cassidy.
Butch Cassidy says: We have 3 persons here.
(Initializing Gerald McBoingBoing)
Hi, my name is Gerald McBoingBoing.
Gerald McBoingBoing says: We have 4 persons here.
Swaroop says: We have 4 persons here.
Abdul Kalam says: We have 4 persons here.
Butch Cassidy says: We have 4 persons here.
Gerald McBoingBoing says: We have 4 persons here.
Butch Cassidy says bye.
There are still 3 people left.
Abdul Kalam says bye.
There are still 2 people left.
Gerald McBoingBoing says bye.
There are still 1 people left.
Swaroop says bye.
I am the last one.
I can't figure out what the difference is. Does anyone have an idea?
Regards,
Barry
PS Sorry for the long post. I didn't want to leave anything out that
might contain a clue.
BGC
> -Original Message-
> Date: Fri, 20 Jan 2006 20:20:29 -0600
> From: Edgar Antonio Rodr?guez Velazco
<[EMAIL PROTECTED]>
> Subject: [Tutor] Doubt with classes
> To: tutor@python.org
> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi everybody,
> I've been reading the chapter of classes of Byte of Python by Swaroop.
> There's an example with classes (11.4) that is below:
>
> #
>
> ##
>
> I have runned the script in both Linux and Windows and got the same
> result.
> Could you explain me what's wrong with this???
>
> --
> Edgar A. Rodriguez
> -- next part --
> An HTML attachment was scrubbed...
> URL:
>
http://mail.python.org/pipermail/tutor/attachments/20060120/c527657b/att
ac
> hment.htm
___
Tutor maillist - Tutor@python.org
http:
Re: [Tutor] passwords in scripts
--- Alan Gauld <[EMAIL PROTECTED]> wrote: > command line arguments? > > $ startapp -d mydb -l user/password & > > That way they are > 1) kept secret(especially if you turn shell history > off ;-) and > 2) can be changed every time you restart the server > app and > 3) you can have production and test databases > running simultaneously... These are good points, but what if the server is bounced when I'm on holiday (or everyone who might enter the password is asleep). My own little app isn't critical, but I can't see this do the trick for high profile web sites and similar. ___ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] passwords in scripts
Compiling is certainly helpful in my case, and I did
not realise how simple it was until you explained it.
I estimate that most of our MCSEs will not know about
the strings command or attempt to look inside
something like test.pyc for a password.
As for users, I'll be amazed if they tried it. And
real crackers - I think our network/firewall people
know what they are doing, so I assume crackers are
kept out.
So, yes, I will use this until I've done something
with crypt and/or expect.
Finally, regarding changing the policy about telnet -
it looks to me like the network where I am (I'm very
new), is secure on the networking side however lax it
might be on the server side. It is 100% switched,
which means that only by controlling a switch can
cleartext stuff be seen, and the switches are
well-protected (also physically). So while I might
agree with everyone who mentioned it, I will leave the
Unix security to whoever in our large organisation's
concern it is. I just want to avoid endangering it
myself.
Thanks
Ben
--- Danny Yoo <[EMAIL PROTECTED]> wrote:
>
>
> On Tue, 24 Jan 2006, Ivan Furone wrote:
>
> > I'm not sure I understand what you are saying
> here. Surely if the file
> > is compiled it can just run (and will only need to
> be RE-compiled when I
> > have to change the code (such as when one of the
> servers has their
> > password changed).
>
> Hi Ivan,
>
> But the issue is that hardcoding passwords in a
> program doesn't really
> protect that password from exposure. For example:
>
> ##
> bash-3.00$ cat test.py
> message = "hello, this is a test"
> bash-3.00$ python
> Python 2.3.3 (#1, Nov 7 2005, 22:36:37) [C] on
> sunos5
> Type "help", "copyright", "credits" or "license" for
> more information.
> >>> import test
> >>> ^D
> ###
>
>
> Doing the import will cause test.py to be compiled
> to 'test.pyc':
>
> ##
> bash-3.00$ ls -l test.pyc
> -rw-r--r-- 1 dyoo other143 Jan 24
> 10:55 test.pyc
> ##
>
>
> But watch what happens here:
>
> ##
> bash-3.00$ strings test.pyc
> hello, this is a testN(
> message(
> message(
> test.pys
> ##
>
> Our secret string shows right up!
>
>
>
> This works even if we're talking about C code:
>
> /**/
> bash-3.00$ cat test.c
> #include
> int main(int argc, char** argv) {
> char *msg = "hello";
> }
> bash-3.00$ gcc test.c
> bash-3.00$ strings a.out
> hello
> /**/
>
>
> So the fact that we're "compiling" code doesn't do
> anything significant to
> add security: those string literals are ripe for the
> taking for anyone
> competent enough to use the 'strings' command. So
> that's what we're
> trying to warn you about. Compiling code is not a
> magic wand to obscure
> secrets.
>
>
> Hope this helps!
>
> ___
> Tutor maillist - Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor
>
___
Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail
http://uk.messenger.yahoo.com
___
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] passwords in scripts
> Compiling is certainly helpful in my case, and I did > not realise how simple it was until you explained it. Remember that only *imported* modules are compiled. Your main program will not be compiled. You can fix that by having your main program look like this: ### dummy mainprog.py import realprog realprog.main() So the real code lives in realprog whjich will be compiled. You can then remove all .py files except mainprog.py. > I estimate that most of our MCSEs will not know about > the strings command or attempt to look inside > something like test.pyc for a password. > As for users, I'll be amazed if they tried it. It depends on their Unix experience. In the old days of Unix (around 1988-1998 - ie pre Y2K issues...) using strings was a standard user trick to find out how to use a program for which man pages had not been installed - the usage instructions were usually to be found using strings. And since X windows became popular as a Unix GUI strings is still a popular way to find out what X resources can be set to customise an applications behaviour/appearance - the resources are often badly documented Speaking personally one of the first things I do after adding a new app on Unix is run strings on it! And I know I'm not alone. So if your users have had access to Unix in the past there is a high likeliehood of them knowing about strings. (other commands that users use to derive personaisation settings include truss/strace to monitor the inter process calls.) Alan G. ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] Linux Python install?
Thanks for the responses gentalmen and apologies! It seems that Python IS included in Fedora but is not explicitly seen (as it is in Windows XP) as a desktop icon. It can be accessed by from the terminal by simply typing Python. RC From: Python <[EMAIL PROTECTED]> To: CPIM Ronin <[EMAIL PROTECTED]> CC: Tutor Python Subject: Re: [Tutor] Linux Python install? Date: Mon, 23 Jan 2006 10:06:24 -0500 On Mon, 2006-01-23 at 09:28 -0500, CPIM Ronin wrote: > Sorry to bother the list with so simple a question but on moving to Linux > from Windows XP, it's not clear to me how to accomplish a Python install on > Linux. On XP it was mostly point and click on a ".msi" file (with msi > standing for Microsoft install). I've loaded the latest Fedora/Redhat > release on an old AMD machine. How do I install Python such that it shows up > as a selection under the Programming task bar with EMACS? I assume you are using yum for package management. It should have been installed by default. As root, you can issue the command yum install python python-docs python-devel python-tools The package yumex provides a GUI interface to the yum package manager. You can think of yumex as the Windows "Add/Remove Programs" application on steroids. yum install yumex The yumex install view with a filter of python will provide an extensive list of additional python packages. Finally, I do not know if this includes the best python integration with EMACS. > I assume I have to do this under root, right? > > Step by step please. > > Thanks. > > _ > Dont just search. Find. Check out the new MSN Search! > http://search.msn.click-url.com/go/onm00200636ave/direct/01/ > > ___ > Tutor maillist - Tutor@python.org > http://mail.python.org/mailman/listinfo/tutor -- Lloyd Kvam Venix Corp _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] More Doubt with classes
On Tue, 24 Jan 2006, my long-lost cousin Barry wrote: > class Person: ... > def __del__(self): > '''I am dying.''' > print '%s says bye.' % self.name > Person.population -= 1 > > if Person.population == 0: > print 'I am the last one.' > else: > print 'There are still %d people left.' % Person.population > > > When I ran it on my system (Windows XP Professional), I got an error as > the script was cleaning up. Here is the output. . . . > Tony Danza says bye. > Exception exceptions.AttributeError: "'NoneType' object has no attribute > 'population'" in instance at 0x00909BC0>> ignored > I'm thinking that what's going on here is that the instances are being deleted as your program ends, which results in the __del__ method being invoked for each instance. But as the last instance (Danza) is deleted, there are no references left to the Person class any longer, either; and so the class itself is deleted, and that's happening before the deletion of Danza has completed. Once the Person class is deleted, there is no longer any Person.population variable. You therefore get an AttributeError, because the attribute "population" no longer exists; and since the person class is gone, there isn't even the Person class to reference any longer, hence the NoneType. I think this is what's meant in the docs on __del__: Also, when __del__() is invoked in response to a module being deleted (e.g., when execution of the program is done), other globals referenced by the __del__() method may already have been deleted. http://www.python.org/doc/2.4.2/ref/customization.html In your case, Person.population is one such "other global." If you really wanted to count on that code being executed in a timely way, the best way to do it is with an explicit call to a method to clean up the object. On the other hand, I'm talking just a little bit over my own head here, so I might be completely wrong. But I figure it's as good a way as any to get a conversation started where I might learn something. ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
[Tutor] : unexpected behavior with assignment in __init__
Hello all, I was just messing around with a suggestion w chun (wescpy at gmail dot com) gave (to make a class that handles time, ie: >>> import myTime >>> c = myTime.myTime(10,30) >>> print c 10:30 >>> d = myTime.myTime(8,45) >>> print c + d 19:15 etc), and I was trying to make it like the str class in that, by default, when you str() a string, it returns the same object. I tried to do this with the following (irrelevant code removed), but it didn't work, despite original indications to the contrary, and I'm not sure I understand why: >>> class stime: def __init__(self, minutes, seconds=None): if seconds is None: if minutes.__class__ is stime: print minutes, type(minutes), minutes.__class__, id(minutes) self = minutes print self, type(self), self.__class__, id(self) def __repr__(self): return str(self) def __str__(self): return "%02d:%02d" % (self.minutes, self.seconds) >>> a = stime(10,3) >>> b = stime(a) 10:03 __main__.stime 12858832 10:03 __main__.stime 12858832 >>> # so, it appears to work, because it prints the same id both times. however, # . . . >>> id(a) 12858832 >>> id(b) 12858792 >>> # they're not the same anymore! and that's not all: >>> a 10:03 >>> b Traceback (most recent call last): File "", line 1, in -toplevel- b File "C:/Documents and Settings/Cookie/Desktop/stime.py", line 20, in __repr__ return str(self) File "C:/Documents and Settings/Cookie/Desktop/stime.py", line 22, in __str__ return "%02d:%02d" % (self.minutes, self.seconds) AttributeError: stime instance has no attribute 'minutes' So, not only do the two variables not refer to the same object after exiting __init__, but b is now a broken stime instance. Anyone know what's going on? Thanks in advance, Orri -- Email: singingxduck AT gmail DOT com AIM: singingxduck Programming Python for the fun of it. ___ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
