I am writing a python script that sends a get request to a router. The problem is that the user and password are exposed to all in the script. I have seen multiple methods for dealing with this problem(using environment variables, reading credentials from a file) but these methods have not satisfied my needs. I would like that only a local admin user could have access to the file or variables that hold the user/pass values.
So I solved this problem by encrypting my credentials with a permanent fernet key using the cryptography library. The permanent key is in a file in the same directory as the main code as well as the encrypted credentials.
Thanks for the suggestions.
Related
Keep in mind that I'm very new and lost when it comes to coding.
I'm trying to generate a temporary for a smart lock that uses the Tuya App using Postman.
I am currently stuck on the password as it requires it to be encrypted.
password requirements from tuya
It says that i need to decrypt the "ticket_key" (which i manage get through the "Get a temporary key for password encryption" request) using the "accessKey". Can anyone help me locate this accessKey and explain how i am supposed to encrypt and decrypt (do i need to create a program for it or is there one already available).
Thanks in advance!
I tried using ChatGPT to write me a program that encrypts and decrypts but didnt manage to get anything usable out of it.
Is it possible to create a common pem file in softlayer to access all the machines in on VLAN from UI itself.
I have looked in all the configuration panels but wasnt able to find this setting.
I wanted to check with other users who might have created pem file to keep a common access credential login in all the machines.
I did not have the experience of working with this, but I can suggest to send an email to PortalFeedBack#softlayer.com, in order that they can provide more information about it or if it can be consider to implement.
I'd like to make a paw file that I can share with colleagues that has no passwords saved in it. It seems that no matter how I make the paw file, the password is embedded - not only in the requests, but in revision history. So I cannot test it with valid passwords, delete the password values, and then save a file that has no passwords.
I was hoping that using a file to store a value would accomplish what I want, but once the file is read, it seems to be embedded in the paw file. I can delete the source password file, and Paw still knows the secret password.
Is there a dynamic value that I should try? Is there some kind of session mode where I can be prompted for the password when I launch Paw?
Thanks
HTTP History (Requests / Responses) are not in .paw files
The history of the requests and responses you sent and received that you can see in the right panel is never stored in your .paw files. Rather, it's stored in your library folder, as web browsers and other apps store caches or history data. So you should be safe for that part.
Manually Remove Passwords
You can manually remove passwords. This is bothering, but you can make things easier by using Environments. See Environments and Use Environments as Reusable Presets. This way your passwords are only in one place, and every request only points to that value. You can then remove just this value before sharing.
Use Pawprint
You can share your request with Pawprint, the service we made available to easily share requests and snap of history from Paw. If your password is in the Authorization header, it will be automatically hidden before sharing. In this case, the latest HTTP Exchange / History item will be shared too (with an hidden Authorization header).
Future: we plan to add full support for OS X Keychain (the Keychain Access app). This way, all passwords will be saved securely and outside your .paw files. It will allow you to safely share them with colleagues.
I've got SL application where i should implement file managment subsystem. I've got hierarchical structure of files\folders(just description). Also each file\folder has its own permissions to users\groups. I would like implement that one user who has permission to download file couldn't give it to another user, who hasn't this permission. So if user has download permission he get link www.site.com/file.rar and download it. But he could give this link to another person without permission. What alogorithm is more appropriate in this case? Any help would be appreciated.
The web server needs to be in charge and provide authentication and authorization for any file requests. It's not specific to Silverlight as this is a general problem.
Your web server must validate each file download request against the currently logged in user (which, if you were using ASP.NET, could be using one of the authentication methods such as Forms Auth, or Windows Auth for example). You might have an HTTP Handler for example that does this validation and allows the download (and provides the download file's bytes). Here's an older example, but looks like it's still applicable for ASP.NET for example.
Or, you could provide a securely generated, expiring (maybe one time use?), token in place of a file name, which maps to a preauthorized file request, and again serves up the file on demand. This one is more difficult to manage in many respects and could lead to a less pleasant user experience if not done carefully (especially if the download may be interrupted and needs to be restarted, then the old token may not be valid, etc.).
I'd go with the first suggestion as it's more reliable and easier to control and manage (ignoring technology specifics as that pattern is available in all web platforms).
You could store permission information in a database. Then each user will have their own account and permission set. Then you can set user group permissions to file groups or individual files.
This could probably also be achieved using the file permission information stored at the operating system level.
You can then have a dynamic page which takes a filename as a request and verifies a user name and password combination and checks whether that file is allowed for that person.
So when someone goes to that file link, they first have to provide the correct credentials to download, otherwise they are denied access.
I hope this helps, it wasn't a directly SilverLight answer but more language agnostic
I have an ASP.NET website on a Windows 2003 Server, that needs to access files from a network share. The network share is password protected and needs a username and password to be provided.
I use forms based authentication on the website and not windows based.
So my problem is, when I try to read any file from the networkshare using the code below, it throws access denied
DirectoryInfo networkShare = new DirectoryInfo("\\TestServer\Share");
So I tried using Impersonate by providing the username and password of the network share to the impersonate function call, however the call obviously fails since that username does not exists on the ASP.NET webserver. So then I passed the username and password of a login that does exist on the webserver, so this time the impersonate call works however it still can not access the network share 'cuz the network share username and password are different.
So finally, I created the exact same username/password on the webserver which matches the network share. This time impersonate function call works and so does network share. I'm able to successfully read from the share.
So my question is, is there a way I can read the network share without adding the username in the webserver. 'Cuz everytime the network share login changes, I'll have to again make a new username in the webserver too. Which is not ideal.
Any ideas?
The "right" way to do this is to run the webserver's AppPool as the identity that can access the share. That way, the only credential storage is done securely in the IIS config (rather than in your code or in readable config files). Putting the webserver and fileserver in the same Windows domain (or different domains with trust) is the easiest way, but the "same username/password" thing should work there as well.
If you don't care about putting usernames/passwords in your code or config, you can P/Invoke to WNetAddConnection2 and pass the username/password- then you should be able to access the share. This doesn't require the webserver to have a matching account, but you really should secure the password (look into System.Security.Cryptography.ProtectedData for encrypted registry storage).