Python Forum

Python Forum > Python Coding > General Coding Help > python application and credentials safety concern
Full Version: python application and credentials safety concern
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

aster

Mar-02-2021, 06:32 PM
Hello,

I finished an application with a simple GUI which uses a Google's OAuth 2.0 for authentication and send some emails. At this time I am building it with pyinstaller, but I can change it if needed.

Now I would like to move this application from the computer where I coded it to a few other PC of my organizations (maybe 3 or 4 more PC).

So the problem about credential safety arose, I am the owner of the organization so I can do whatever I want but at the same time I would like to avoid some dumbness. Obviously I don't need a bullet proof protection system, I am running a little business and at the worst an haker would have access to my gmail.

I have run some research on stack overflow and other sites, and the possibilities seems countless from the simplest (and easy to break) to the more robust, for example:
1) directly write the credential in plain text in my source code
2) hardcode the credential with some kind of "protection", like base64 encoding
3) use os.environ -> I doubt this will work once I move the application to another PC

I would like to receive some advice on how to ship my application with these credentials.

ndc85430

Mar-02-2021, 07:36 PM
Note that base64 encoding isn't protection at all; that string can always be decoded.

What's wrong with using environment variables exactly? You can just set them on the machines, so you don't have to store them in the code.

aster

Mar-02-2021, 07:42 PM
(Mar-02-2021, 07:36 PM)ndc85430 Wrote: [ -> ]Note that base64 encoding isn't protection at all; that string can always be decoded.
Agree

(Mar-02-2021, 07:36 PM)ndc85430 Wrote: [ -> ]What's wrong with using environment variables exactly? You can just set them on the machines, so you don't have to store them in the code.

If this is my best possibility I would follow this, actually I don't have idea how to store the google credentials (but this is another problem, it is a dictionary not an simple string)

aster

Mar-06-2021, 04:17 PM
If the solution provided by ndc85430 is the best one I can achive, can someone give me an advice on how to login with google?

My need is only to send emails with gmail, from this google's post I think I am forced to use the more complex OAuth 2.0, to my understanding I can't use a simple API-KEY, please correct me if I am wrong

This is a sample of a google's credentials
Output:
{"installed":{"client_id":"my client id","project_id":"my project id":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"my client secret","redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]}}
Maybe my best possibility is to store the whole dictionary as a string in the environment variables and then convert it back to dictionary and pass it to google

snippsat

Mar-06-2021, 06:51 PM
Look into python-dotenv.
I use this in Flask where now it also build in don't need import.
Using dotenv to Hide Sensitive Information in Python.
Python Forum > Python Coding > General Coding Help > python application and credentials safety concern