security - Python: securing sensitive variable contents within a script -


i need user input password script can use password perform ldap operation on account. it's simple:

password = getpass.getpass()     ldapconn.simple_bind_s(binddn, password)

even though password never leaving script , never displayed in plain text, isn't still vulnerable memory dump? what's best way secure password within script, still make use of it?

this post interesting: https://security.stackexchange.com/questions/29019/are-passwords-stored-in-memory-safe

primarily because answers confirm suspicion passwords stored in ram not safe. question is, how 1 supposed work requires sensitive information stored in ram? no 1 on post posts practical real-world solution, lot of confirmation , details why ram not safe. using short example of ldap connection above, concrete changes make better secure password variable?

using short example of ldap connection above, concrete changes make better secure password variable?

none. either:

  • need have plain text send ldap api,
    • in case need have plain text, attacker get
    • or need encrypted text decrypt, attacker after decrypt it
  • need password hash send ldap api
    • then attacker hash , use it. it's plain password @ point.

the solutions exist have design not involve prompting user password @ all, , not involve sending plain text passwords other services.

e.g. have working kerberos environment synchronised time, users getting kerberos tickets @ first login, , tickets being used authenticate services without password prompts. tickets have limited lifetime , kerberos replay detection built in, if taken memory less useful password.

so user hits password prompt once entire environment, not once per script run or service access, , password handled 1 centralized, reviewed, low level os process.


Comments

Post a Comment

Popular posts from this blog

resizing Telegram inline keyboard -

telegram's inline keyboard great feature lots of different use cases. inline buttons added list of items this: inline_keyboard = [[inlinekeyboardbutton(text="button", callback_data="button"), inlinekeyboardbutton(text="reset",callback_data="reset")]] inline_keyboard_markup = inlinekeyboardmarkup(inline_keyboard) update.message.reply_text("hi", reply_markup=inline_keyboard_markup) the above code adds 2 buttons each half width of chat screen. i know the normal keyboard button there resize_keyboard parameter somehow can used. my question is there way resize inline buttons ? example make full width or quarter width. unfortunately, can't now. :( you can suggest @botsupport , might add feature next version.
Read more

command line - How can a Python program background itself? -

consider following python command-line program. doesn't work because incomplete, think illustrates problem: #!/usr/bin/python3 import multiprocessing pool = multiprocessing.pool() task in expensive_iterator_with_user_interaction(): pool.call_async(expensive_computation, (task,)) pool.close() print("dear user, may press ctrl-z , bg script.") pool.join() thus, problem scripts needs user input while it's launching expensive parallel processes. there moment when user interaction not needed anymore. then, ask user background process shell actions. however, can achieved program itself? (side note: core of problem entanglement of user input firing “expensive computations”. therefore, cannot separate both in 2 scripts, , letting 1 spawning other daemon.) the command screen may you. use screen -l create new session , run application. after inputting data, can press " ctrl-a " , press " d " on keyboard detach session. now
Read more

php - "cURL error 28: Resolving timed out" on Wordpress on Azure App Service on Linux -

Image
my wordpress installation on azure app service on linux using custom docker container has slow response times. pages take around 20-40 seconds load. i have troubleshooting plugin installed indicates problem "curl error 28: resolving timed out after n milliseconds" when making requests following urls https://api.wordpress.org/core/version-check/1.7/ http://api.wordpress.org/core/version-check/1.7/ https://api.wordpress.org/plugins/update-check/1.1/ http://api.wordpress.org/plugins/update-check/1.1/ https://api.wordpress.org/themes/update-check/1.1/ http://api.wordpress.org/themes/update-check/1.1/ curl works fine on scm-site command line. example works ok. curl -x post http://api.wordpress.org/core/version-check/1.7/ edit if ssh container , run php code, works fine. <?php $url = 'http://api.wordpress.org/core/version-check/1.7/'; $fields = array( 'version' => urlencode('4.8.1'), 'php' => urlencode(
Read more