Hello,

I've a Python desktop application, running under Windows, that stores the data in a central SQLite database.

Depending on the user login on the system, some of the data from the database is allowed and other data is forbidden.

I can read the current logged in user.
The authorization for each user is stored encrypted in the database.
The program is delivered as pyc files,
but from what I read, these can easily be reverse engineered.

There is even an encrypted version of SQLite (not freeware),
but as long as I test the authorization in Python,
it doesn't seem to be a good protection.

So at first thought, a better way might be the following process:
- encrypt the whole database
- run all queries through a DLL written in C or Delphi, where also the authorization is checked

But on second thought that isn't true.
The login on the computer is assumed to be enough (1-time login).
So the Python program passes the username to the external DLL.
And there's the weak point again,
the username of every person in our organization is known to everyone.
So it shouldn't be too difficult to modify the program,
so it will always use the external DLL with the username with the highest authorization.

So the question remains:
Is it possible to create a Python Desktop application,
with user authorization, based on the login of the user?

thanks,
Stef Mientki
--
http://mail.python.org/mailman/listinfo/python-list