0

The pickled file I create using this method is readable in a text editor if we forcibly open it:

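```python
import os
import pickle

# Store test.pkl next to this script
print(os.path.split(__file__)[0])
storloc = os.path.normpath(os.path.join(os.path.split(__file__)[0], "test.pkl"))

newD = {"String": "this is the world", "int": 1, "float": 1.5}
print(newD)
print(storloc)
# No protocol argument: Python 2 defaults to the ASCII protocol 0
with open(storloc, 'wb') as d:
    pickle.dump(newD, d)
```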

How can I make the pickled file (test.pkl) unreadable in any text editor?

  • Eh? Why do you need that, and why would you want to break the protocol? – Martijn Pieters Nov 14 '12 at 17:07
  • Did you do a search for "encryption"? – unwind Nov 14 '12 at 17:09
  • Well, I am making a tiny tool that saves an FTP username and password, so instead of making the user enter them every time I want to give the option to save them to disk... so the user can carry the pickle file, and when he uses the tool again he just uses the pickled file to get the info filled in automatically, and the data doesn't get disclosed if someone opens it in a text editor... –  Nov 14 '12 at 17:10
  • 3
    That's security by obscurity, which is not security. Instead, I recommend looking into the keyring services offered by operating systems for saving credentials. – Mattie Nov 14 '12 at 17:13
  • 1
    See this answer for how to do it properly http://stackoverflow.com/questions/157938/hiding-a-password-in-a-python-script – Martin Beckett Nov 14 '12 at 17:16

2 Answers

0

Just add a third parameter to the dump call - it is the protocol parameter, and only the default one (0) is ASCII encoded - protocols 1 and 2 are binary only and should be mangled in a text editor.

However, this is not safe - if you want passwords not to be seen, check PyCrypto, and do some proper cryptography on your file.

jsbueno
  • So I got to solve my problem the way Keith referred to, using zip, and jsbueno's flag value set to 2 makes the txt file unreadable; however, I can unpickle it and restore the data –  Nov 14 '12 at 18:16
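To make the "this is not safe" point in the answer above concrete, here is an added example (not code from either answer) that pickles constructed sample credentials with protocol 0, with protocol 2, and with protocol 2 plus zlib compression standing in for the zip approach mentioned in the comment. For each it checks whether the password shows up in the raw bytes and whether it can be read back without any key. The names `CREDS`, `printable_runs` and `audit` are made up for this illustration.

```python
import pickle
import re
import zlib

# Constructed sample credentials for the demonstration (not real).
CREDS = {"username": "ftp_user", "password": "s3cret-Example!"}


def printable_runs(blob, min_len=4):
    """Return runs of printable ASCII, as the `strings` utility would."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]


def audit(creds):
    """Encode creds three ways; report what each encoding really protects.

    Returns {label: (visible, recovered)} where `visible` means the password
    shows up among the printable runs of the raw file bytes, and `recovered`
    means the password was read back without any key or secret.
    """
    secret = creds["password"]
    variants = {
        "protocol 0": (pickle.dumps(creds, protocol=0), pickle.loads),
        "protocol 2": (pickle.dumps(creds, protocol=2), pickle.loads),
        "protocol 2 + zlib": (
            zlib.compress(pickle.dumps(creds, protocol=2)),
            lambda b: pickle.loads(zlib.decompress(b)),
        ),
    }
    report = {}
    for label, (blob, decode) in variants.items():
        visible = any(secret in run for run in printable_runs(blob))
        # Safe here only because the blob was produced a few lines above;
        # pickle.loads must never be fed a file from an untrusted source.
        recovered = decode(blob)["password"] == secret
        report[label] = (visible, recovered)
    return report


if __name__ == "__main__":
    for label, (visible, recovered) in audit(CREDS).items():
        print(f"{label:18} visible={visible!s:5} recovered={recovered}")
```

Protocol 2 still stores the string's bytes verbatim, and compression only changes the encoding: anyone holding the file recovers the password without a secret.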
0

Attempting to make a simple format such as Python pickles safe for passwords is a fool's game.

Use the keyring package instead and leave it to the OS to store your password safely.

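```python
import getpass
import keyring

SERVICE = 'your_application_name'

# Obtain a stored username or ask the user
username = input('FTP username: ')
# Returns None when nothing is stored for this service/username
password = keyring.get_password(SERVICE, username)

# Also re-prompt here if a login with the stored password fails
if password is None:
    # Obtain a password from the user without echoing it
    password = getpass.getpass('FTP password: ')
    keyring.set_password(SERVICE, username, password)
```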

The keyring package uses the OS-supplied keyring (OS X, Windows, KDE, Gnome), but will fall back to an encrypted store of its own if necessary.

Martijn Pieters
  • 1
    Is it part of the standard library? No, so I cannot use it? No matter that it's good, for the current task I cannot use keyring –  Nov 14 '12 at 18:11
  • @san: Why can't you use external libraries? A simple `pip install keyring` or `easy_install keyring` to install it, and an `install_requires` dependency in the project `setup.py` if you need to distribute your project is all that is needed. – Martijn Pieters Nov 14 '12 at 18:16
  • 1
    Since the users of my tools are not known to me, it won't be easy to guide them to first install and then run my tool... –  Nov 14 '12 at 18:17
  • @san: They'll use `easy_install yourtool` or `pip install yourtool` and the installation tool will take care of the `keyring` dependency for you. See the [Hitchhiker's Guide to Packaging](http://guide.python-distribute.org/). We'd never get anywhere with Python otherwise.. – Martijn Pieters Nov 14 '12 at 18:21
  • 1
    I believe you, but I make tools for Autodesk Maya artists who are novices to programming, and having them learn what they are not willing to is going to make them reject what sounds complex to them or what they are not sure they are doing. I would totally buy what you are offering for some future project that involves users who are well aware of using pip or easy_install... –  Nov 15 '12 at 06:27