---------- Forwarded message ----------
From: W W <[EMAIL PROTECTED]>
Date: Sun, Aug 24, 2008 at 8:40 PM
Subject: Re: [Tutor] Including files for security.
To: Dotan Cohen <[EMAIL PROTECTED]>

On Sun, Aug 24, 2008 at 3:38 PM, Dotan Cohen <[EMAIL PROTECTED]> wrote:

> 2008/8/24 Alan Gauld <[EMAIL PROTECTED]>:
> >
> > "Dotan Cohen" <[EMAIL PROTECTED]> wrote
> >
> >> I think that I will use the open() and read() functions, thanks! I did
> >> think of that, but I wanted to know if there was a better wheel
> >> invented already.
> >
> > Another option is to use environment variables to store them.
> > These can be set when the server starts up. But a config file
> > is ok too.
> >
>
> Thanks, I will google that. But I will save it for other uses, as I
> don't want to risk an exploit where one could walk the environment and
> discover that info. Does Python have an equivalent to phpinfo()?
>

You could also store the passwords as a salted hash, and use a nondescript method to import/decode them. It wouldn't stop the serious attacker, but it would make it a little harder for accidental discovery.

HTH,
Wayne

--
To be considered stupid and to be told so is more painful than being called gluttonous, mendacious, violent, lascivious, lazy, cowardly: every weakness, every vice, has found its defenders, its rhetoric, its ennoblement and exaltation, but stupidity hasn't. - Primo Levi
_______________________________________________
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
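
Added example, not part of the original thread: one way to do the open()-and-read() config file approach discussed above while refusing a credentials file that other local users could read or modify. The file name, the "database" section and the load_secrets helper are assumptions made for illustration, and the permission checks assume a POSIX system.

```python
import configparser
import os
import stat
import tempfile


class InsecureSecretsFile(Exception):
    """Raised when the secrets file is accessible to other local users."""


def load_secrets(path, section="database"):
    """Read credentials from an INI file, refusing loosely-permissioned files."""
    # O_NOFOLLOW: fail instead of following a symlink planted at the path.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        # fstat() the open descriptor so the check and the read see the same file.
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise InsecureSecretsFile(f"{path}: not a regular file")
        if st.st_uid != os.getuid():
            raise InsecureSecretsFile(f"{path}: not owned by the running user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            raise InsecureSecretsFile(f"{path}: mode {mode:o} is too open, use 600")
        text = fh.read()
    # interpolation=None so a '%' inside a password is taken literally.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return dict(parser[section])


def demo():
    """Load a constructed secrets file at mode 644, then again at mode 600."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secrets.ini")  # hypothetical file name
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("[database]\nuser = app\npassword = constructed-example\n")
        os.chmod(path, 0o644)  # world-readable: must be rejected
        try:
            load_secrets(path)
            rejected = False
        except InsecureSecretsFile:
            rejected = True
        os.chmod(path, 0o600)  # owner-only: accepted
        return rejected, load_secrets(path)


if __name__ == "__main__":
    print(demo())
```

Keeping the file outside the web server's document root and out of version control matters as much as the mode bits.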