Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Encrypted Logging in python

Reply
Thread Tools

Encrypted Logging in python

 
 
koranthala@gmail.com
Guest
Posts: n/a
 
      01-09-2009
I was wondering if there is a mechanism to encrypt logging
automatically in python.
The issue is as follows:
(a) An application (after py2exe) will go as executable and there
is no need for the user to know that it is written in python. If an
exception occurs and it is logged, then the user can understand it is
written in python.
(b) A security threat. If an exception occurs, the code is seen by
the user - and possibly be misused.

Base64 encoding somewhat helps - which is supported by logging
module - but even that is not very secure. If there can be an option -
wherein we send in the password and the logging is encrypted - it
might be better.
I would have loved to provide the code, but I am completely tied up
at the moment and wont be able to help for another month.

 
Reply With Quote
 
 
 
 
Steven D'Aprano
Guest
Posts: n/a
 
      01-09-2009
On Fri, 09 Jan 2009 00:21:09 -0800, koranthala wrote:

> I was wondering if there is a mechanism to encrypt logging automatically
> in python.
> The issue is as follows:
> (a) An application (after py2exe) will go as executable and there
> is no need for the user to know that it is written in python. If an
> exception occurs and it is logged, then the user can understand it is
> written in python.
> (b) A security threat. If an exception occurs, the code is seen by
> the user - and possibly be misused.


Security by obscurity is not security. If your application isn't secure
against people who know what language is written in, then it isn't secure.




--
Steven
 
Reply With Quote
 
 
 
 
koranthala@gmail.com
Guest
Posts: n/a
 
      01-09-2009
On Jan 9, 3:16*pm, Steven D'Aprano <st...@REMOVE-THIS-
cybersource.com.au> wrote:
> On Fri, 09 Jan 2009 00:21:09 -0800, koranthala wrote:
> > I was wondering if there is a mechanism to encrypt logging automatically
> > in python.
> > * *The issue is as follows:
> > * * (a) An application (after py2exe) will go as executable and there
> > is no need for the user to know that it is written in python. If an
> > exception occurs and it is logged, then the user can understand it is
> > written in python.
> > * * (b) A security threat. If an exception occurs, the code is seen by
> > the user - and possibly be misused.

>
> Security by obscurity is not security. If your application isn't secure
> against people who know what language is written in, then it isn't secure..
>
> --
> Steven


I understand that completely.
My point is that even though I can try to make the application
completely secure - I can never be sure of that. Especially if your
company is a very small one - and might not be able to have the best
programmers around. So, another layer of security - even security
through obscurity - can give that bit extra time in which the bugs in
the system can be ironed out.

Also, what I am asking is a generic option in logging - which can help
the adoption of the logging framework in even closed source systems.
It is not just about security - just that a closed source company
might be much more comfortable in using the system if crypt is there.
 
Reply With Quote
 
pruebauno@latinmail.com
Guest
Posts: n/a
 
      01-09-2009
On Jan 9, 8:02*am, (E-Mail Removed) wrote:
> Also, what I am asking is a generic option in logging - which can help
> the adoption of the logging framework in even closed source systems.
> It is not just about security - just that a closed source company
> might be much more comfortable in using the system if crypt is there.


Python is an open source project. Many people that read this list
don't like closed source code too much and are not willing to invest
time to work in features like this. You might get lucky and somebody
that is interested in the topic might give you some tips.
 
Reply With Quote
 
Gerhard Häring
Guest
Posts: n/a
 
      01-09-2009
http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> I was wondering if there is a mechanism to encrypt logging
> automatically in python.


Python's standard library doesn't include any "strong" symmetric
ciphers. But if you include for example a cryptographic module for AES,
for example, it should be easy (I guess 10 lines of code, yes, the issue
always is *which* 10 lines) to write a custom logger that encrypts using
a hardcoded key.

As others have said, this is not really secure, so you could just as
well use something stupid like rot13 or base64 instead.

> The issue is as follows:
> (a) An application (after py2exe) will go as executable and there
> is no need for the user to know that it is written in python. If an
> exception occurs and it is logged, then the user can understand it is
> written in python.


In 99.326 % of all cases, the answer is: so what?

> (b) A security threat. If an exception occurs, the code is seen by
> the user - and possibly be misused.


Simply make the user not see the exception, but use a fallback exception
handler that does whatever you want to. Write to a log file. Or write to
an encrypted log file if you still think that helps.

> Base64 encoding somewhat helps - which is supported by logging
> module - but even that is not very secure. If there can be an option -
> wherein we send in the password and the logging is encrypted - it
> might be better. [...]


As I said before, that should be trivial to program if you look up the
documentation about the logging module. Just subclass FileHandler. And
make sure your class is then used. That's probably the hardest part

That all being said, I have one final advise: Your time is probably much
better spent on *real* issues.

-- Gerhard

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Logging to a file and closing it again properly (logging module) Christoph Haas Python 1 06-14-2006 08:47 AM
Logging to a file and closing it again properly (logging module) Christoph Haas Python 0 06-12-2006 09:58 PM
logging buffered vs. logging history Christian Roos Cisco 4 02-05-2006 10:55 PM
java.util.logging, where to put logging.properties? janne Java 0 09-10-2004 10:18 AM
[java.util.logging] logging only to _one_ file Stefan Siegl Java 0 08-27-2003 12:29 PM



Advertisments