0

I'm working on a software that stores information on a local database on the computer (yeah, I know, that's incredible). Among that information, we recently added a secret token, provided by a third-party company.

Usually, when doing support the customers send us their database so we can test and reproduce errors reliably. Sadly, some of them send us their database with the secret token in it. Which means importing this database on our test platforms will actually hit the real third-party user production account, and mess with its production data (not cool).

To avoid that, we thought of detecting a host-computer change and disable the token (or erasing it from DB on startup) if the host change was detected.

The thing being, how to detect such a change (using Python, preferably) ? This is close to what one would require for a licensing system, except we probably don't need the same precision.

To make things even funnier, this would need to work for Mac OS X, Windows and Linux.

Any clue ?

ereOn
  • 53,676
  • 39
  • 161
  • 238
  • 1
    Perhaps this helps? [Get a unique computer ID in python on windows and linux](http://stackoverflow.com/questions/2461141/get-a-unique-computer-id-in-python-on-windows-and-linux) – Tim Pietzcker Sep 30 '13 at 09:00
  • 3
    Wouldn't it be easier to add a debug mode flag to your application so it ignores the token when you're testing? This smells like an XY problem to me. – millimoose Sep 30 '13 at 09:02
  • Or write a script that scrubs the imported data of this information? – George Stocker Sep 30 '13 at 09:03
  • @millimoose: It's not for testing: it's for "debugging" (perhaps the wrong term) customer issues. Anything the thing with a flag is that you can (too) easily, forget it. We'd like to avoid situations where one copies over a database, runs the software and ruins the production data of a customer. – ereOn Sep 30 '13 at 10:54
  • Okay but you got my point, basically have a "special" version of the program that simply won't allow you to connect to the production DB. I'll admit I'm mostly extrapolating from having maintained a POS app where we had a bunch of flags like that for developer use. (Not one to do this, exactly, because the developer machines had no network access to the production DB whatsoever, so I admit we didn't need to use anything foolproof.) – millimoose Sep 30 '13 at 12:51
  • As in, ideally, on the developer machines, you wouldn't have any other version of the program, the flag would default to the safer setting and only be changed in production deployments. (Although this would probably cause a headache when upgrading.) – millimoose Sep 30 '13 at 12:58

0 Answers0