Hiding a Password in a Python Script (Insecure Obfuscation Only)


Base64 encoding is in the standard library and will do to stop shoulder surfers:

>>> import base64
>>> print(base64.b64encode("password".encode("utf-8")).decode("ascii"))  # decode so Python 3 prints the text, not b'...'
cGFzc3dvcmQ=
>>> print(base64.b64decode("cGFzc3dvcmQ=").decode("utf-8"))
password

What is the best way to hide a password?

You're using a scripting language and accessing a database directly with a password. No matter what you do, at some level that password is going to be easily accessible. Obscuring it doesn't really buy you much.

You have to rely on the machine's security and permissions, and perhaps the database (restricting access from that particular machine and user).
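As an added example (not part of the answer above), here is one way to act on that advice in Python: keep the password in a file only the owning user can read, and have the script refuse to use the file if its type, owner or mode is wrong. The checks are done on the open descriptor with fstat, and O_NOFOLLOW rejects a symlink planted at the path, so there is no window between checking and reading. The function names, the sample username and the sample password are constructed for this illustration.

```python
import errno
import os
import stat
import tempfile
from typing import Dict, Tuple


class InsecureCredentialFile(Exception):
    """Raised when the credential file could be read or swapped by another user."""


def write_credential_file(path: str, username: str, password: str) -> None:
    # Create the file with mode 0600 in the same call that creates it, so it never
    # exists with a wider mode (the umask can only tighten this further).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(f"{username}\n{password}\n")


def read_credential_file(path: str) -> Tuple[str, str]:
    # O_NOFOLLOW: refuse a symlink planted by another user instead of following it.
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        if exc.errno == errno.ELOOP:
            raise InsecureCredentialFile(f"{path} is a symlink") from None
        raise
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        # fstat the open descriptor, so the checks apply to the file we will read,
        # not to whatever the path pointed at a moment earlier.
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise InsecureCredentialFile(f"{path} is not a regular file")
        if st.st_uid != os.getuid():
            raise InsecureCredentialFile(
                f"{path} is owned by uid {st.st_uid}, not by uid {os.getuid()}")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecureCredentialFile(
                f"{path} has mode {oct(stat.S_IMODE(st.st_mode))}; only the owner may access it")
        lines = fh.read().splitlines()
    if len(lines) < 2:
        raise InsecureCredentialFile(f"{path} does not hold a username and a password")
    return lines[0], lines[1]


def demo() -> Dict[str, object]:
    """Exercise the checks against a constructed credential file; returns what happened."""
    results: Dict[str, object] = {}
    workdir = tempfile.mkdtemp()          # mkdtemp creates the directory with mode 0700
    path = os.path.join(workdir, "db.cred")
    write_credential_file(path, "app_user", "correct horse battery staple")
    results["mode_0600"] = read_credential_file(path)

    os.chmod(path, 0o644)                 # simulate an admin loosening the mode
    try:
        read_credential_file(path)
        results["mode_0644"] = "accepted"
    except InsecureCredentialFile:
        results["mode_0644"] = "rejected"
    os.chmod(path, 0o600)

    link = os.path.join(workdir, "db.cred.link")
    os.symlink(path, link)                # simulate a symlink left at the expected path
    try:
        read_credential_file(link)
        results["symlink"] = "accepted"
    except InsecureCredentialFile:
        results["symlink"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The mode check is the part that buys you something: anyone who can read the script can decode base64, but only the file's owner (and root) can read a 0600 file, so the database account is protected by the same thing that protects the user's shell account. Pair it with a database grant that only accepts that user from that host, as the answer suggests.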

I need to securely store a username and password in Python, what are my options?

I recommend a strategy similar to ssh-agent. If you can't use ssh-agent directly you could implement something like it, so that your password is only kept in RAM. The cron job could have configured credentials to get the actual password from the agent each time it runs, use it once, and de-reference it immediately using the del statement.

The administrator still has to enter the password to start ssh-agent, at boot-time or whatever, but this is a reasonable compromise that avoids having a plain-text password stored anywhere on disk.
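The agent-style arrangement described in the answer above, as an added example that is not part of the answer: a small agent keeps the secret only in RAM and serves it over a Unix-domain socket in a 0700 directory; on Linux it also verifies the connecting process's uid with SO_PEERCRED. The job fetches the secret, uses it once and deletes its reference. The class and function names, the socket layout and the sample secret are constructed for this illustration (the real ssh-agent speaks a different protocol).

```python
import os
import socket
import struct
import tempfile
import threading
from typing import Callable, Dict


class SecretAgent:
    """Keeps one secret in RAM and hands it out over a Unix-domain socket.

    Only processes running as the agent's own uid are served: the socket lives
    in a 0700 directory and, on Linux, the peer's uid is also verified with
    SO_PEERCRED. Nothing is ever written to disk.
    """

    def __init__(self, secret: str) -> None:
        self._secret = secret.encode("utf-8")
        self._dir = tempfile.mkdtemp(prefix="agent-")       # created with mode 0700
        self.path = os.path.join(self._dir, "agent.sock")
        self._srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self._srv.bind(self.path)
        os.chmod(self.path, 0o600)
        self._srv.listen(5)
        self._srv.settimeout(0.2)                            # lets _serve notice stop()
        self._running = True
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    @staticmethod
    def _peer_uid(conn: socket.socket) -> int:
        if hasattr(socket, "SO_PEERCRED"):                   # Linux: struct ucred {pid, uid, gid}
            raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
            _pid, uid, _gid = struct.unpack("3i", raw)
            return uid
        return os.getuid()   # elsewhere we rely on the 0700 directory alone

    def _serve(self) -> None:
        while self._running:
            try:
                conn, _ = self._srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                if self._peer_uid(conn) == os.getuid():
                    conn.sendall(b"OK " + self._secret + b"\n")
                else:
                    conn.sendall(b"DENIED\n")

    def stop(self) -> None:
        self._running = False
        self._thread.join()
        self._srv.close()
        os.unlink(self.path)
        os.rmdir(self._dir)


def run_job_with_secret(agent_path: str, job: Callable[[str], object]) -> object:
    """What the cron job does: fetch the secret, use it once, drop the reference."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(agent_path)
        reply = client.recv(4096)
    if not reply.startswith(b"OK "):
        raise PermissionError("agent refused to hand out the secret")
    password = reply[3:].rstrip(b"\n").decode("utf-8")
    try:
        return job(password)          # e.g. open the database connection here
    finally:
        # Drop our reference as soon as the job is done. Note that `del` only removes
        # the name; CPython makes no promise to wipe the bytes from memory.
        del password


def demo() -> Dict[str, object]:
    agent = SecretAgent("correct horse battery staple")      # constructed sample secret
    try:
        result = run_job_with_secret(
            agent.path, lambda pw: f"logged in with a {len(pw)}-char password")
        socket_mode = oct(os.stat(agent.path).st_mode & 0o777)
    finally:
        agent.stop()
    return {"job": result, "socket_mode": socket_mode}


if __name__ == "__main__":
    print(demo())
```

The caveat to keep in mind: this moves the secret off disk, but anyone who can run code as the agent's uid (or as root, or who can read the agent's memory via ptrace or a core dump) can still obtain it, which is exactly the compromise the answer describes.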


Python:Hide Password

Quite simply, it's because you've asked the POP3 lib to give you debugging output. Some of what it includes appears to be the password that's being sent to the server. To avoid this, you should simply omit the statement that sets the debug level (the documentation says the default level is 0, i.e. no output), or explicitly set it to 0.
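Added example (not from the answer above) that reproduces the leak offline: a constructed stand-in POP3 server runs in a thread, and poplib logs in against it twice, once with set_debuglevel(1) and once at the default level 0. The password turns up verbatim in what poplib prints at level 1 and not at level 0. The server, the username and the password are constructed for the demonstration.

```python
import contextlib
import io
import poplib
import socketserver
import threading
from typing import Dict


class FakePOP3Handler(socketserver.StreamRequestHandler):
    """Constructed stand-in for a POP3 server: greets, accepts any USER/PASS, honours QUIT."""

    def handle(self) -> None:
        self.wfile.write(b"+OK fake POP3 ready\r\n")
        while True:
            line = self.rfile.readline()
            if not line:
                return                                 # client went away
            self.wfile.write(b"+OK\r\n")
            if line.split()[:1] == [b"QUIT"]:
                return


def start_fake_pop3() -> socketserver.TCPServer:
    server = socketserver.TCPServer(("127.0.0.1", 0), FakePOP3Handler)   # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def login_capturing_stdout(port: int, user: str, password: str, debuglevel: int) -> str:
    """Log in the way the question does and return everything poplib printed."""
    captured = io.StringIO()
    with contextlib.redirect_stdout(captured):        # poplib's debug output goes to stdout
        pop = poplib.POP3("127.0.0.1", port, timeout=5)
        pop.set_debuglevel(debuglevel)
        pop.user(user)
        pop.pass_(password)
        pop.quit()
    return captured.getvalue()


def demo() -> Dict[str, object]:
    server = start_fake_pop3()
    port = server.server_address[1]
    try:
        noisy = login_capturing_stdout(port, "alice", "hunter2", debuglevel=1)
        quiet = login_capturing_stdout(port, "alice", "hunter2", debuglevel=0)
    finally:
        server.shutdown()
        server.server_close()
    return {
        "level_1_output": noisy,
        "password_in_level_1_output": "hunter2" in noisy,
        "password_in_level_0_output": "hunter2" in quiet,
    }


if __name__ == "__main__":
    print(demo())
```

If you do need the debug output to diagnose a connection problem, run it against a throwaway account and rotate the password afterwards; the lines are printed to stdout, so they also end up in whatever captures your cron job's output.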
