tags:

views:

34

answers:

1
+1  Q: 

storing passwords in class variables in python

I'm working on a python script that stores ssh passwords only during the current session. What I'm doing is declaring a class variable credentials = {}. When the script needs access to a specific server, it checks in credentials to see if credentials['server'] exists. If it does, it uses the password there, if it doesn't, it prompts the user.

This is all working fine, but I'm just wondering if that's a bad way of implementing this? This isn't running anywhere critical that I need to be THAT concerned about security. I was just thinking it'd be nice if I could declare credentials as private.

Is this a reasonable approach? Is there a more pythonic way to do this or one that's better suited for how python deals with class member access?

+1  A: 

A bit of a digression, but when I've built scripts do this in the past, the security minded recommended using an ssh-agent approach. The agent is a background processes, independent of the python but running under the same user, that will store the credentials. Then the script doesn't need to worry about prompting or handling passwords at all.

Todd Gardner  2010-09-12 06:28:54
Yeah, that's a good solution, and I'm sure there are lots of solutions that are extremely security conscious. However I'm trying to make this as portable as possible. Not across different OSes, but just across different linux distributions that I'd prefer not to have to install extra stuff.
Falmarri  2010-09-12 06:50:35
ssh-agent is part of OpenSSH, so it is probably installed where ever you are using SSH. It can be more setup to get the keys in-place though.
Todd Gardner  2010-09-12 07:03:15

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security