I am working on making a log file for a small application. If an error occurs in the application, I have to send a mail to a person. I've figured out the code to send a mail to a person, but I don't want to hard-code the password as a string. Instead I want to encrypt it and then decrypt it in my Python code. Alternatively, is it okay to store the email and password in a CSV file and read it from the file? How safe is this? Can someone guide me on how this can be done? Any example or documentation is welcome.

David
Raki

2 Answers

You have a bit of a chicken-and-egg problem. On one hand you need to store the password; on the other hand you don't want it to be readable by just anyone. The problem is that you will either rely on an algorithm or another secret key stored somewhere on your system to obfuscate and de-obfuscate your password. This is security through obscurity and will only make it a little bit harder for an attacker to guess the used password.

If you plan on distributing your application, this is not the way to go and you should re-think your strategy (for instance displaying the error to the user and requesting him to email it for you instead).

If you are running the application as a single instance, my advice is to just leave the password as is and ensure that the file permissions are set so that only the user the script runs as can read the file containing the password.

Lucas Kauffman
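One way to apply the file-permission advice from the answer above, as an added example that is not part of the original answer: the loader refuses to use a credential file that other local users could read. It assumes a POSIX system and a hypothetical two-line file (address, then password); the function names, file name and sample values are constructed for illustration.

```python
import os
import stat
import tempfile


class InsecureCredentialFile(Exception):
    """Raised when the credential file could be read by other local users."""


def write_private(path, user, password):
    """Create the file with mode 0600 from the start, so it is never briefly 0644."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(f"{user}\n{password}\n")


def load_mail_credentials(path):
    """Return (user, password) only if the file is private to the running user."""
    # O_NOFOLLOW: do not follow a symlink placed at the expected path.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        # fstat the open descriptor so the check and the read see the same file.
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise InsecureCredentialFile(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise InsecureCredentialFile(f"{path}: not owned by the running user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            raise InsecureCredentialFile(f"{path}: mode {mode:04o}, expected 0600 or stricter")
        user, password = fh.read().splitlines()[:2]
    return user, password


if __name__ == "__main__":
    # Constructed sample values; a real deployment would create the file once, by hand.
    demo = os.path.join(tempfile.mkdtemp(), "mail.cred")
    write_private(demo, "app-alerts@example.com", "constructed-password")
    print(load_mail_credentials(demo)[0])
    os.chmod(demo, 0o644)  # simulate a file left world-readable
    try:
        load_mail_credentials(demo)
    except InsecureCredentialFile as exc:
        print("refused:", exc)
```
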
In addition to what Lucas said, you could ensure that the application sending this log over email has its own email account with its own unique password. Indeed, if your app were to be compromised or downloaded by someone, it shouldn't leak a password that you actually care about.

Steve Dodier-Lazaro