Mar-02-2021, 06:32 PM
Hello,
I finished an application with a simple GUI which uses a Google's OAuth 2.0 for authentication and send some emails. At this time I am building it with pyinstaller, but I can change it if needed.
Now I would like to move this application from the computer where I coded it to a few other PC of my organizations (maybe 3 or 4 more PC).
So the problem about credential safety arose, I am the owner of the organization so I can do whatever I want but at the same time I would like to avoid some dumbness. Obviously I don't need a bullet proof protection system, I am running a little business and at the worst an haker would have access to my gmail.
I have run some research on stack overflow and other sites, and the possibilities seems countless from the simplest (and easy to break) to the more robust, for example:
1) directly write the credential in plain text in my source code
2) hardcode the credential with some kind of "protection", like base64 encoding
3) use os.environ -> I doubt this will work once I move the application to another PC
I would like to receive some advice on how to ship my application with these credentials.
I finished an application with a simple GUI which uses a Google's OAuth 2.0 for authentication and send some emails. At this time I am building it with pyinstaller, but I can change it if needed.
Now I would like to move this application from the computer where I coded it to a few other PC of my organizations (maybe 3 or 4 more PC).
So the problem about credential safety arose, I am the owner of the organization so I can do whatever I want but at the same time I would like to avoid some dumbness. Obviously I don't need a bullet proof protection system, I am running a little business and at the worst an haker would have access to my gmail.
I have run some research on stack overflow and other sites, and the possibilities seems countless from the simplest (and easy to break) to the more robust, for example:
1) directly write the credential in plain text in my source code
2) hardcode the credential with some kind of "protection", like base64 encoding
3) use os.environ -> I doubt this will work once I move the application to another PC
I would like to receive some advice on how to ship my application with these credentials.