My app gives the user the possibility to store some data in a MySQL db and he will receive a confirmation by email. I struggle with the way I should hide the sensitive information related to the connection to the db and the SMTP ones. Need some help.

Edit: I want to hide this sensitive information and make it unreachable in the app script

khldooon
  • how is `tkinter` related? do you want to hide the password the user is typing in the `Entry`? use `show='*'` (or any other character) as argument to the constructor (e.g. `entry = tk.Entry(root, show='*')`) – Matiiss Dec 28 '21 at 13:03
  • No, I want to hide the db sensitive information like password/db name/username/port ... These pieces of information are the keys to connect to the db; I want to hide them in order to forbid someone from having access to data in the db – khldooon Dec 28 '21 at 13:11
  • where do you want to hide that info? in the GUI? why and how? if not, then how is this related to `tkinter` or `desktop-application`? in code, so that people can't just read source and find it out? if yes, then read about environment variables unless you will share the code with others whom you don't trust – Matiiss Dec 28 '21 at 13:12
  • Environment variables must fill my needs, but when I share the app with other people I think that these credentials will not be known on their PCs, will they? – khldooon Dec 28 '21 at 13:15
  • Do you mean to hide those credentials in the email sent to user? – acw1668 Dec 28 '21 at 13:15
  • Make them unreachable in the Python script – khldooon Dec 28 '21 at 13:18
  • @khldooon that is not possible really, you can't have them hardcoded in the code, they likely need to be stored on some server – Matiiss Dec 28 '21 at 13:19
  • So, is there something wrong about my method? – khldooon Dec 28 '21 at 13:20
  • well, it is not easy, you can find a lot of resources on the practices of storing credentials https://stackoverflow.com/questions/23693796/where-should-i-keep-the-credentials-of-my-database, https://stackoverflow.com/questions/10191317/best-practice-for-storing-database-password, https://security.stackexchange.com/questions/20294/how-should-an-application-store-its-credentials, https://security.stackexchange.com/questions/180243/best-practices-for-storing-credentials-used-by-code, https://www.linkedin.com/pulse/storing-database-credentials-securely-siddhesh-jog and many others – Matiiss Dec 28 '21 at 13:35
  • You can use the `nuitka` module to create a binary module (`.so` in Linux, `.pyd` in Windows) with all the required functions to connect to the database/SMTP server. Then your application can use this module to connect to the database/SMTP without specifying the credentials. – acw1668 Dec 29 '21 at 02:13

0 Answers
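The comment thread points at keeping the credentials on a server instead of in the shipped script. The following is an added example of that layout, not code from the question or from any commenter: a small WSGI endpoint that reads the DB and SMTP credentials from the server's environment, so the desktop app only sends an HTTP request and never holds them. The environment variable names and the `store`/`notify` callables (which would wrap the MySQL insert and the SMTP send) are assumptions.

```python
import json
import os
import re

# Assumed variable names; set on the server only, never in the shipped client.
REQUIRED = ("DB_HOST", "DB_USER", "DB_PASSWORD", "SMTP_HOST", "SMTP_PASSWORD")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
MAX_BODY = 4096  # reject oversized requests before parsing


def load_secrets(env=os.environ):
    """Read credentials from the server's environment; fail closed if any is missing."""
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise RuntimeError("missing server settings: " + ", ".join(missing))
    return {k: env[k] for k in REQUIRED}


def make_app(secrets, store, notify):
    """WSGI app; store/notify are hypothetical callables wrapping MySQL and SMTP."""
    def app(environ, start_response):
        def reply(status, obj):
            body = json.dumps(obj).encode()
            start_response(status, [("Content-Type", "application/json"),
                                    ("Content-Length", str(len(body)))])
            return [body]

        if environ.get("REQUEST_METHOD") != "POST":
            return reply("405 Method Not Allowed", {"error": "POST only"})
        try:
            size = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            size = -1
        if not 0 < size <= MAX_BODY:
            return reply("400 Bad Request", {"error": "bad length"})
        try:
            data = json.loads(environ["wsgi.input"].read(size))
            email, note = data["email"], data["note"]
        except (ValueError, KeyError, TypeError):
            return reply("400 Bad Request", {"error": "bad payload"})
        # fullmatch rejects trailing newlines that could inject mail headers
        if not (isinstance(email, str) and isinstance(note, str)
                and EMAIL_RE.fullmatch(email)):
            return reply("400 Bad Request", {"error": "bad payload"})
        store(secrets, email, note)   # DB write happens server-side
        notify(secrets, email)        # confirmation mail is sent server-side
        return reply("201 Created", {"status": "stored"})  # no secret is returned
    return app
```

The desktop client then needs only the endpoint URL; the endpoint itself still needs TLS and its own authentication or rate limiting, since anyone who can reach it can submit data.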