[Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
Edward Ned Harvey (blu)
blu at nedharvey.com
Sun Feb 1 07:57:10 EST 2015
> From: Kent Borg [mailto:kentborg at borg.org]
>
> On 01/31/2015 06:03 PM, Edward Ned Harvey (blu) wrote:
> > Depends on a lot of stuff. What language? Running on a system you own,
> > or deployed to someone else, etc?
>
> Daemons, written in Python, on a machine I fully control.
The best you can do is put the passwords into a config file with locked-down permissions. Make sure the passwords are randomly generated, and securely communicated with the server - SSL or whatever.
Although it doesn't provide real security, it does no harm to use some obfuscation - Encrypt with a key that's hard-coded into the application.
More information about the Discuss
mailing list