Python Forum
python application and credentials safety concern
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
python application and credentials safety concern
#1
Hello,

I finished an application with a simple GUI which uses a Google's OAuth 2.0 for authentication and send some emails. At this time I am building it with pyinstaller, but I can change it if needed.

Now I would like to move this application from the computer where I coded it to a few other PC of my organizations (maybe 3 or 4 more PC).

So the problem about credential safety arose, I am the owner of the organization so I can do whatever I want but at the same time I would like to avoid some dumbness. Obviously I don't need a bullet proof protection system, I am running a little business and at the worst an haker would have access to my gmail.

I have run some research on stack overflow and other sites, and the possibilities seems countless from the simplest (and easy to break) to the more robust, for example:
1) directly write the credential in plain text in my source code
2) hardcode the credential with some kind of "protection", like base64 encoding
3) use os.environ -> I doubt this will work once I move the application to another PC

I would like to receive some advice on how to ship my application with these credentials.
Reply
#2
Note that base64 encoding isn't protection at all; that string can always be decoded.

What's wrong with using environment variables exactly? You can just set them on the machines, so you don't have to store them in the code.
aster likes this post
Reply
#3
(Mar-02-2021, 07:36 PM)ndc85430 Wrote: Note that base64 encoding isn't protection at all; that string can always be decoded.
Agree

(Mar-02-2021, 07:36 PM)ndc85430 Wrote: What's wrong with using environment variables exactly? You can just set them on the machines, so you don't have to store them in the code.

If this is my best possibility I would follow this, actually I don't have idea how to store the google credentials (but this is another problem, it is a dictionary not an simple string)
Reply
#4
If the solution provided by ndc85430 is the best one I can achive, can someone give me an advice on how to login with google?

My need is only to send emails with gmail, from this google's post I think I am forced to use the more complex OAuth 2.0, to my understanding I can't use a simple API-KEY, please correct me if I am wrong

This is a sample of a google's credentials
Output:
{"installed":{"client_id":"my client id","project_id":"my project id":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"my client secret","redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]}}
Maybe my best possibility is to store the whole dictionary as a string in the environment variables and then convert it back to dictionary and pass it to google
Reply
#5
Look into python-dotenv.
I use this in Flask where now it also build in don't need import.
Using dotenv to Hide Sensitive Information in Python.
aster likes this post
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  How do I properly implement restarting a multithreaded python application? MrFentazis 1 588 Jul-17-2023, 09:10 PM
Last Post: JamesSmith
  Cannot find py credentials file standenman 5 1,554 Feb-25-2023, 08:30 PM
Last Post: Jeff900
  Python running only in application Mawixy 2 1,091 Apr-19-2022, 11:38 AM
Last Post: Mawixy
  FTP File Download question / concern cubangt 3 1,270 Jan-06-2022, 07:46 PM
Last Post: cubangt
  How to send data from a python application to an external application aditya_rajiv 1 2,131 Jul-26-2021, 06:00 AM
Last Post: ndc85430
  Using python to execute app or cmd that requires admin credentials thewolf 0 2,079 Mar-05-2021, 08:15 PM
Last Post: thewolf
  Keep Application running after Python script ends PEGylated_User 0 1,944 Nov-12-2020, 03:27 PM
Last Post: PEGylated_User
  httplib2 - how to see credentials added by add_credentials? MSV 2 2,126 Aug-05-2020, 12:24 PM
Last Post: MSV
  Installing Python Application pplgf 3 2,500 Apr-27-2020, 10:51 PM
Last Post: Larz60+
  loop in pyautogui (python automation GUI application) pyprogrammer 0 4,719 Feb-12-2020, 02:52 PM
Last Post: pyprogrammer

Forum Jump:

User Panel Messages

Announcements
Announcement #1 8/1/2020
Announcement #2 8/2/2020
Announcement #3 8/6/2020