From 6039b28a8e5fe3c06795e93f76ebac12879733fa Mon Sep 17 00:00:00 2001 From: Ben D Date: Thu, 20 Jan 2022 16:10:52 -0800 Subject: [PATCH] Add 'Keeping Credentials' --- Keeping-Credentials.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 Keeping-Credentials.md diff --git a/Keeping-Credentials.md b/Keeping-Credentials.md new file mode 100644 index 0000000..0fd7eca --- /dev/null +++ b/Keeping-Credentials.md @@ -0,0 +1,25 @@ +Configuration is stored localy in the `config.json` file. + + + +**THIS IS NOT SAFE** +Password storage, you can store your credentials in the `config.json` file, however your passwords will be stored as plaintext making them exposed to anyone with access to the system. + +By default the script will not save your passwords and you will be required to enter them each time the script starts. +If you choose to save your credentials in the `config.json` file, you assume all risk and security implications of doing so. + +It is advised that you add an additional routine to the script, that encrypt/decrypt the values stored for passwords in the `config.json` file. + +Below is a Base64 example, however, base64 should not be used for encrypting passwords as it is easily reversed. +``` +password = "my_password".encode("utf-8") +encoded = base64.b64encode(password) +print(encoded) + +decoded = base64.b64decode(encoded) +print(decoded) +Output +``` + +You should instead use a cryptography library such as [cryptography](https://pypi.org/project/cryptography/). The usage and details of which are beyond the scope of this demo library and are left to the end user to implement for themself. +
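Review bot: The Base64 sample in the fenced block of Keeping-Credentials.md does not run as pasted, because `base64` is never imported, and the block ends with a bare `Output` line inside the fence with no output after it. Add `import base64` at the top of the sample, and either move `Output` below the closing fence followed by the two printed values or drop it. Since the sentence above the block already says base64 should not be used for passwords, label the sample as encoding rather than encryption so it is not copied as the "additional routine" the page recommends. The advice to add a routine that will "encrypt/decrypt the values stored for passwords" also leaves out where the key would be kept: a key saved next to `config.json` leaves the passwords readable by "anyone with access to the system", the same as plaintext, so a sentence on keeping the key out of that file and on restricting who can read `config.json` would close the gap. Minor wording: "localy" should be "locally", and "that encrypt/decrypt" should be "that encrypts/decrypts".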