-2

I'm basically making a Skype alternative in Python.

I'm making the login/register system,but I ran into some problems.

So I need to be able to connect to a mySQL database, but when viewing the code of the .py file, the person viewing the code can not be able to see the mySQL login information.

Because then they could just login to the database themselves, and mess everything up.

Anybody have any clue on how to do this?

EDIT

It's basically impossible to do what I want, so I'm just gonna make it so that you have to register through a website, and have logging in have read-only privileges to the database. SHA-256 should be pretty difficult for someone to crack, so I'll just encrypt everyones usernames and passwords.

M0r0
  • 1
  • 2
  • 1
    You should salt/hash the passwords. See the first response here https://stackoverflow.com/questions/17263654/access-hashed-mysql-password-from-python – minterm May 15 '18 at 22:08

1 Answers1

0

Lock down access to the mySQL user ID used by the program so it can do only what it needs and nothing more. Perhaps interact via stored procedures only, and without permission to do anything directly (e.g. DROP tables, SELECT, INSERT, DELETE, etc.)

You can encrypt the password, but if someone has the program code, if the user ID isn't locked down they can still get into the database without knowing the password, just by changing what the Python program queries.

Talmage
  • 343
  • 1
  • 11