Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #67498

Re: Password validation security issue

References <09f43567-779e-4d01-8621-c4eb36354d99@googlegroups.com> <fe1cbc09-7004-42b4-b1ed-69b8083013eb@googlegroups.com>
From Ian Kelly <ian.g.kelly@gmail.com>
Date 2014-03-02 18:49 -0700
Subject Re: Password validation security issue
Newsgroups comp.lang.python
Message-ID <mailman.7617.1393811410.18130.python-list@python.org> (permalink)

Show all headers | View raw

On Sun, Mar 2, 2014 at 4:10 PM, Renato <rvernucio@gmail.com> wrote:
> I would like to thank every one who posted a reply. I learnt a lot from you, guys! I appreciate your attention and your help :)
>
> I took a class on Computer Simulation last year. It was told that deterministic (pseudo-)random numbers are excellent for simulations, because they allow debugging and replication when using a seed(). But it was said that deterministic random numbers weren't indeed suitable for encryption and security issues in general. For this purpose, non-deterministc stochastic methods would be more indicated. I learnt a lot about deterministic random numbers generation in this course, like using Mersenne Twister algorithm, but I learnt nothing about encryption, since it wasn't in the scope of that course. Could you suggest some introductory material concerning encryption? I have an intermediate math background (calculus, linear algebra etc) and I'm willing to learn more about security matters.
>
> One last thing, about my original question. So, the only way of encapsulating a Python script content is to code a simple binary program to call it?

Another alternative would be to implement the script as a service that
runs under a separate account.  All the user can directly access is a
client script that sends requests to the service, which does the
actual work and is effectively encapsulated.

I'll also reiterate what others have written about protecting
passwords.  No matter how much you think you've locked down the
script, you shouldn't be storing plaintext passwords *anywhere*.
Remember that nothing that you code will ever be as secure as you
think it is.

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Password validation security issue Renato <rvernucio@gmail.com> - 2014-03-01 09:49 -0800
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:11 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 19:31 +0100
  Re: Password validation security issue Tim Chase <python.list@tim.thechases.com> - 2014-03-01 12:38 -0600
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:43 +1100
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:45 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 20:54 +0100
    Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-01 15:25 -0500
      Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 23:07 +0100
      Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 09:13 +1100
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 07:11 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-02 20:25 +0100
    Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-02 15:01 -0500
      Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 07:32 +1100
      Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 01:16 +0000
        Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 18:52 -0700
          Re: Password validation security issue Steven D'Aprano <steve@pearwood.info> - 2014-03-03 04:38 +0000
            Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 16:44 +1100
            Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 23:50 -0700
        Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 13:56 +1100
          Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-03 08:41 -0500
            Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-04 00:55 +1100
              Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 16:46 +0000
                Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-04 05:46 +1100
            Re: Password validation security issue MRAB <python@mrabarnett.plus.com> - 2014-03-03 16:29 +0000
            Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 17:41 +0000
  Re: Password validation security issue Renato <rvernucio@gmail.com> - 2014-03-02 15:10 -0800
    Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 18:49 -0700
    Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 02:30 +0000

csiph-web