How to deal with user authentication and incorrect modification in scripting languages?

I am creating a centralized desktop application using Python / wxPython. One of the requirements is user authentication, which I am trying to implement with LDAP (although this is optional).

The users of the system will be mechanical and electrical engineers making budgets, and the biggest problem will be industrial espionage. A common problem with this is that leaks usually occur from below through unofficial routes, and this can create problems. The system is configured in such a way that each user has access to all and only the information he needs, so that no person, except people from above, has monetary information throughout the project.

The problem is that for any way I can implement an authentication system, Python's openness makes me think of one way to bypass it / get sensitive information from the system, since "compiling" with py2exe is the closest I can get to code obfuscation on Windows.

I am not trying to hide the code, but rather, I will do the authentication procedure on its own and make it in such a way that access to the code does not mean that the application can be accessed. One thing I wanted to add was the approach to the accessor routine, so the user can be sure that they are not running a modified client application.

One way I've decided to avoid this is to make a C module for authentication, but I would rather not.

Of course this question is changing now and is not just "Can someone point me in the right direction on how to create a secure authentication system in Python? Does something like this already exist?" but "How do you pin a (Python) script against unwanted modification?"

+2

2 answers


How harmful are your users? In fact.

How harmful?

If your users are vicious sociopaths and can't be trusted with a desktop solution, don't create a desktop solution. Create a website.

If users are regular users, they screw the environment up installing viruses, malware, and keyloggers from porn sites before they try to (a) learn Python (b) find out how your security works and (c) make a sincere effort when it breaks.

If you actually have desktop security issues (i.e. public safety, military, etc.), reimagine them with desktop.

Otherwise, relax, do the right thing, and don't worry about "scripting".

C++ programs are easier to hack because people are lazy and allow SQL injection.

+3


Maybe:



  • The user enters their credentials into the desktop client.
  • The client says to the server, "Hi, my username and password is a password."
  • The server checks them.
  • The server says to the client: "Hi, username. Here is your secret token: ..."
  • The client then uses the secret token, along with the username, to "sign" the connection with the server.
+1
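The five steps above as an added example (not the answerer's code): a constructed in-memory server that checks a salted PBKDF2 password hash, issues a random session token, and then verifies HMAC signatures the client computes over each request with that token. The class and function names (`AuthServer`, `sign`, `demo`) are assumptions; the point is that the client code can be read or modified freely without the reader gaining the server-side secrets, and a tampered request no longer verifies.

```python
import hashlib, hmac, os, secrets

# Constructed server-side state (assumed names): a password store of salted
# PBKDF2 digests and the secret tokens handed out after a successful login.
class AuthServer:
    def __init__(self):
        self._users = {}   # username -> (salt, pbkdf2 digest)
        self._tokens = {}  # username -> secret session token

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        # Steps 1-4: check the credentials, then return a fresh secret token.
        rec = self._users.get(username)
        if rec is None:
            return None
        salt, digest = rec
        if not hmac.compare_digest(digest, self._hash(password, salt)):
            return None
        token = secrets.token_hex(32)
        self._tokens[username] = token
        return token

    def verify(self, username, body, signature):
        # Step 5, server side: recompute the HMAC with the stored token and
        # compare in constant time; any change to the body breaks the match.
        token = self._tokens.get(username)
        if token is None:
            return False
        return hmac.compare_digest(sign(token, username, body), signature)

def sign(token, username, body):
    # Step 5, client side: the token never leaves the client after login;
    # only this HMAC over (username, request body) is sent with each request.
    msg = username.encode() + b"\x00" + body.encode()
    return hmac.new(token.encode(), msg, hashlib.sha256).hexdigest()

def demo():
    server = AuthServer()
    server.register("alice", "correct horse")      # constructed test user
    token = server.login("alice", "correct horse")
    sig = sign(token, "alice", "GET /budget/42")
    genuine = server.verify("alice", "GET /budget/42", sig)
    tampered = server.verify("alice", "GET /budget/43", sig)  # body altered
    return genuine, tampered
```

A real deployment would also bind a timestamp or nonce into the signed message so a captured signature cannot be replayed, and would keep the token store server-side only.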