0

I am implementing a socket in Python to pass data back and forth between two scripts running on the same machine as part of a single Tkinter application.

This data, in many cases, will be highly sensitive (i.e. personal credit card numbers).

Does passing the data between scripts in this way open me up to any security concerns?

Server side:

import socket

serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serversocket.bind(('localhost', 8089))
serversocket.listen(5)  # become a server socket; backlog of at most 5 pending connections

while True:
    connection, address = serversocket.accept()
    buf = connection.recv(64)  # reads at most 64 bytes; a longer message may arrive in pieces
    if len(buf) > 0:
        print(buf)  # Python 3 form; the original used the Python 2 print statement
        connection.close()
        break

serversocket.close()

Client side:

import socket

clientsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
clientsocket.connect(('localhost', 8089))
clientsocket.sendall(b'hello')  # must be bytes under Python 3; sendall() retries until everything is sent
clientsocket.close()

Code source.

Additional considerations:

  • This will only ever function as part of a single Tkinter application, on a single machine. Localhost will always be specified.
  • I am unable to use multiprocessing or threading; please no suggestions for using one of those or an alternative, other than varieties of socket. For more info as to why, see this SO question, answers, and comments. It has to do with this needing to function on Windows 7 and *nix, as well as my desired set-up.
user1318135
  • 717
  • 2
  • 12
  • 36

1 Answer

1

Yes, passing the data between scripts in this way may raise security concerns. If the attacker has access to the same machine, he can easily sniff the traffic using a tool like tcpdump, for example.

To avoid this you should encrypt your traffic; I have posted a comment below your question with an example solution.

bluszcz
  • 4,054
  • 4
  • 33
  • 52
  • Thanks, this is very helpful to know! To clarify, does this risk exceed whatever risk would come from `multiprocessing.Pipe` for the same purpose? Does it exceed the risk of using Jupyter notebook (which deploys through localhost)? Just trying to understand amount of risk a bit better. – user1318135 Oct 26 '17 at 14:49
  • I am not sure how Jupyter is exchanging data, you can check it via: * netstats -tapdn |grep jupyter -i Later when you have number of the ports use: * tcpdump -xxxxvvvv -i any 'port ZZZ' # where ZZZ is a port number – bluszcz Oct 27 '17 at 10:22
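One way to act on the answer's advice to encrypt the traffic using only the standard library, as an added example rather than code from the question or the answer: both scripts share a secret, each message is encrypted with HMAC-SHA256 used as a PRF in counter mode and authenticated with a separate HMAC tag (encrypt-then-MAC), and frames are length-prefixed so a message is never cut short by a single `recv(64)`. The environment variable `IPC_PSK`, the placeholder secret and all function names are assumptions; where the `ssl` module with a locally generated certificate or a proper AEAD library is available, prefer those over this hand-built construction.

```python
import hashlib, hmac, os, socket, struct

# Assumption: both scripts read the same random 32-byte secret from a file with restrictive permissions.
PSK = os.environ.get("IPC_PSK", "dev-only-placeholder-secret").encode()  # placeholder for this example

def _subkeys(psk):  # separate encryption and MAC keys, derived from the shared secret
    return (hmac.new(psk, b"enc", hashlib.sha256).digest(),
            hmac.new(psk, b"mac", hashlib.sha256).digest())
def _keystream(key, nonce, length):  # HMAC-SHA256 as a PRF in counter mode; (key, nonce) must never repeat
    return b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range((length + 31) // 32))[:length]
def seal(psk, plaintext):  # encrypt-then-MAC; frame = nonce(16) || ciphertext || tag(32)
    enc_key, mac_key = _subkeys(psk)
    nonce = os.urandom(16)  # fresh per frame, so the keystream is never reused
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
def unseal(psk, frame):  # verify the tag in constant time before decrypting anything
    enc_key, mac_key = _subkeys(psk)
    if len(frame) < 48:
        raise ValueError("frame too short")
    nonce, ct, tag = frame[:16], frame[16:-32], frame[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: frame altered or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))
def tamper_detected(psk, frame):  # True when unseal() rejects the frame
    try:
        unseal(psk, frame)
    except ValueError:
        return True
    return False

def _recv_exact(sock, n):  # recv() may return fewer bytes than asked; the question's recv(64) assumes not
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf
def send_frame(sock, psk, plaintext):  # 4-byte big-endian length prefix, then the sealed frame
    frame = seal(psk, plaintext)
    sock.sendall(struct.pack(">I", len(frame)) + frame)
def recv_frame(sock, psk):
    (n,) = struct.unpack(">I", _recv_exact(sock, 4))
    return unseal(psk, _recv_exact(sock, n))

def roundtrip_over_socketpair(psk, message):  # stand-in for the question's accept()/connect() pair
    a, b = socket.socketpair()
    with a, b:
        send_frame(a, psk, message)
        return recv_frame(b, psk)
```

In the two scripts, replace `clientsocket.send('hello')` with `send_frame(clientsocket, PSK, b'hello')` and `connection.recv(64)` with `recv_frame(connection, PSK)`; a local sniffer then sees only the nonce, ciphertext and tag.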