0

Brief summary:

  • I have two files: foo1.pyw and foo2.py
  • I need to send large amounts of sensitive information to foo2.py from foo1.pyw, and then back again.
  • Currently, I am doing this by writing to a .txt file, and then opening it with foo2.py using: os.system('foo2.py [text file here] [other arguments passing information]') The problem here is that the .txt file then leaves a trace when it is removed. I need to send information to foo2.py and back without having to write to a temp file.
  • The information will be formatted text, containing only ASCII characters, including letters, digits, symbols, returns, tabs, and spaces.

I can give more detail if needed.

Kieee
  • 126
  • 2
  • 15

3 Answers3

0

You could use encryption like AES with python:http://eli.thegreenplace.net/2010/06/25/aes-encryption-of-files-in-python-with-pycrypto or use a transport layer: https://docs.python.org/2/library/ssl.html.

Mat Taxet
  • 16
  • 5
  • I know nothing about what SSL is, so can you please explain to me how TLS will help me in laymen terms? – Kieee Feb 03 '17 at 21:39
  • @AustinSmith Essentially all data that passes from one file travels through an "open road" that can be intercepted by a middle-man-attack. What a SSL/TLS does, is it essentially creates a tunnel that passes underneath the "open road" thus making it harder for someone to intercept. --Best used for server/client communication. – Mat Taxet Feb 03 '17 at 21:56
  • How could I use this for local-security, sending raw information between files? – Kieee Feb 03 '17 at 22:01
0

If what you're worrying about is the traces left on the HD, and real time interception is not the issue, why not just shred the temp file afterwards?

Alternatively, for a lot more work, you can setup a ramdisk and hold the file in memory.

The right way to do this is probably with a sub-process and pipe, accessible via subprocess.Popen You can then directly pipe information between the scripts.

Community
  • 1
  • 1
TemporalWolf
  • 7,727
  • 1
  • 30
  • 50
  • I'm not worried about interception but I would like to try and prevent it. And I do use basic shredding. But it's very hard(sometimes impossible) to shred files from an SSD. I would rather use some sort of data transfer between the files, and not worriy about shredding. – Kieee Feb 03 '17 at 21:44
  • Also, I just noted you linked me to an information page on Linux Shred. Do note that Windows doesn't have this feature so I've been trying to implement it myself with limited success. – Kieee Feb 03 '17 at 21:51
  • @Austin I've added another option, which should work in Windows. – TemporalWolf Feb 03 '17 at 22:23
0

I think the simplest solution would be to just call the function within foo2.py from foo1.py:

# foo1.py
import foo2
result = foo2.do_something_with_secret("hi")

# foo2.py
def do_something_with_secret(s):
  print(s)
  return 'yeah'

Obviously, this wouldn't work if you wanted to replace foo2.py with an arbitrary executable.

This may be a little tricky if they two are in different directories, run under different versions of Python, etc.

Scovetta
  • 3,112
  • 1
  • 14
  • 13