0

I have a python script where i am using username and password to to perform operation(get/delete)on server using rest api.

I want to encrypt password used in script so that people who open the script won't be able to see plaintext password.

req = requests.delete(url, stream=True, headers=headers, verify=False,
                      auth=('Administrator','password'))

second problem is if i go for xor encryption for temporary purpose like below

passwd = base64.b64decode("cGFzc3dvcmQ=")

req = requests.delete(url, stream=True, headers=headers, verify=False,
                      auth=('Administrator',passwd))

passwd don't work inside auth() function as a variable.

Improve this question
9
  • You seem to use 'pass' (a string) instead of the pass variable. Also please consider not naming a variable pass anyway, 'pass' is a python statement, use e.g. password. Commented May 17, 2017 at 20:42
  • 4
    Erm... why mustn't the user know the password? Commented May 17, 2017 at 20:47
  • @sphere: thanks , i actually used without single quote too, which is giving me syntax error in request.delete () line during script execution and used passwd variable (corrected it.) Commented May 17, 2017 at 20:51
  • 1
    @peter: script is kept on shared server and login user is common for all team members and don't want to expose plain text password hard coded in script to other people for security reason. Commented May 17, 2017 at 20:59
  • 3
    Any way you store the password, whoever reads the script will see how you decrypt it and will be able to follow the same procedure. Store the password elsewhere or make the user type it in. Commented May 17, 2017 at 21:04

1 Answer 1

Reset to default
6

If your greatest risk is people who open your script, don't store the password in the script. No matter what algorithm you use to decrypt an encrypted password stored in the script, the unauthorized user will be able to figure it out and apply it just by opening the script.

You have a couple of options at this point

  1. Store the password in a file with the appropriate permissions set, so that no one outside your group can open it. At this point you probably don't need to encrypt the password, since again, anyone reading your script would immediately know how to decrypt it.
  2. Use the getpass.getpass function to just have authorized users enter the password at a prompt. That way, you don't have to store it anywhere at all. This can not be used directly in a non-interactive script, but you can wrap your Python script in another script that pipes in the password. With the right permissions, this is roughly equivalent to option #1.
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks: i chose 1st approach to store password in file and encrypt it but i am still stuck with my second problem passing passwd's value in rquest.delete url. requests.delete(url, stream=True, headers=headers, verify=False, auth=('Administrator',passwd)) How can i pass the value of passwd inside the auth(). It takes passwd as a string only. ***working scenario is requests.delete(url, stream=True, headers=headers, verify=False, auth=('Administrator','actual_password'))

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.