I am currently working on a project that involved interacting with third-party websites that use basic HTTP auth.
With Python, I can use the requests module, along with a auth variable to pass the username and password along with the request.
Now the problem is, if someone else wants to use this, they need to store their password and username in plain-text as a variable in my Python script.
Now obviously, this is a huge security flaw, if I got hacked and my files were dumped, potentially hundreds of usernames and passwords would be leaked.
Now onto my question, I need to pass plain-text passwords in the request as that is all the website will accept.
However I would prefer to not store them locally. Python has numerous encryption and decryption modules, ones that could be used to decrypt the password before sending the request.
However, if someone gained access to the file, they could just run the script (after adding the required modules), and they would be able to get the password.
I am very new to web development, so what is the best way for me to avoid storing plain-text usernames and passwords, while still being able to send plain-text passwords in the request?
