How to hide mail account password in a config file?
https://stackoverflow.com//questions/24034077
-
21-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a Python3 program which sends emails. It reads variables from a config file, and one of these is the password of the email account which sends the emails. Now, it is in clear text, but it should not, so I am looking for a way to hide it.
I thought about writing directly the result of applying md5 to the password, like for example:
password = 'write_here_the_password_encrypted'
But the following code would not work:
server = smtplib.SMTP('smtp.gmail.com:587')
server.starttls()
server.login(username, password)
server.sendmail(from_email, to_emails, msg)
server.quit()
Is there anyway to make work the line server.login(username, password) if the password is encrypted?
Solution
login method from SMTP needs only plain password, not some hash of it, so the only way to make it work - unencrypt password before passing to login().
But as md5 is one way hash function (or intended to be one way), so you cannot decode the password, once you coded it into md5 hash. But even if you could, that anyone who has access to you config will also could.
What you need to do - is to separate passwords and other sensitive information to separate file, and store it in safe location, not accessible to unauthorized persons.
