Re: Share your code
Quote:
yes, it compares the inputted text/password as hash to the stored hashed password. I was thinking about protecting the password file itself somehow but not yet implemented any solution for that. But... even if a malicious user would create a new password even password protection can be removed by hand so the original user/owner can access to the database (frankly saying, even the database should be secured; maybe I shall try that too but need some learning on how to secure sqlite3 databases. MySQL does that 'out of the box' but that would be a big dependency to be installed...)... It is not a super-secure system yet but I'm not an expert on this field but trying to find solutions for these problems/ideas... So thanks for the suggestion I will try to implement your observations! jm EDIT:// I did some experiment just out of couriousity: - manually modifiying the password file will result that password always will be incorrect, even if the correct text/letter would be typed back; - if I do the following from shell: Code:
echo 'new_password_as_hashed_text' > password - if a new password is set from under python on the device itself (or maybe generated in python on an other system and copied to the appropriate location) then it will work. |
Re: Share your code
There are good ways to do it, for example use aes to encrypt/decrypt the data on the fly, only ever storing encrypted data in db.
|
Re: Share your code
Quote:
|
Re: Share your code
Hi All!
I made some improvements again and hopefully you will find these useful. So, I was thinking about protecting the financial data and of course the protection of the database appeared to be the best idea. For this purpose I found that sqlcipher would do the trick, it has a python binding and would not have to use encryption-decryption on the fly as sqlcipher uses "pragma key". I dropped the previous password protection method as user have to enter the key at startup of the application. The key does not stored anywhere (except the default key - "temporary_key" - when creating new database at first time running the app) in the app it "appears" only when running the app and it asks for it directly so I did not even use hashlib as I think it is not necesseary. The "main" (?) sqlcipher I found on github did not work on arm, so I searched and found a version for Android which I used to build my own with checkinstall. The installation won't overwrite sqlite3 it just creates sqlite3 executable in /usr/local/bin and that comes default. For pysqlcipher I used version 2.6.3; this will be "installed" as well. From now on you can find this on GitHub. jm |
Re: Share your code
1 Attachment(s)
Hi All!
I happened to successfully install neovim 0.1.7-4 on my n900. You can find the details here. jm Edit:// Opened a separate thread for this. |
Re: Share your code
Quote:
Also, might be great idea to get it in repositories :) |
Re: Share your code
Quote:
Hmm... About get this in the repos...: it would need the libc6_2.10 to be also in the repos and I do not know whether it is a good idea or not... AapoRantalainen's words |
All times are GMT. The time now is 18:43. |
vBulletin® Version 3.8.8