08-24-2019, 04:03 PM | #1 |
Guru
Posts: 927
Karma: 1177583
Join Date: Dec 2016
Location: Goiânia - Brazil
Device: iPad, Kindle Paperwhite
|
Store user credentials safely
Hi, everyone.
I'm using urllib requests to fetch data from a website. The thing is the user needs to be logged in. The method works, but I am concerned about safety. I don't want to write it to a JSON file as plain text. How can I securely get user credentials and store them using the calibre plugin API? |
08-24-2019, 04:42 PM | #2 |
Wizard
Posts: 1,086
Karma: 6719822
Join Date: Jul 2012
Device: Palm Pilot M105
|
If they support it, I'd say use OAuth.
You don't store any credentials; they authenticate on the site and you get the access key which is what's used after they authenticate. Although I don't know how you'd manage the initial login where you get the OAuth access key, which is what you use thereafter. Last edited by lumpynose; 08-24-2019 at 04:45 PM. |
08-24-2019, 04:47 PM | #3 |
Guru
Posts: 927
Karma: 1177583
Join Date: Dec 2016
Location: Goiânia - Brazil
Device: iPad, Kindle Paperwhite
|
I can't use OAuth, because the website does not provide an API (their FAQ says they have one, but haven't disclosed it to the public yet).
|
08-24-2019, 10:08 PM | #4 |
creator of calibre
Posts: 43,858
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
Safely from whom? Whatever technique you use to store the password has to be automatically reversible without input from the user, which means any person or program can reverse it trivially.
|
08-25-2019, 04:33 AM | #6 |
creator of calibre
Posts: 43,858
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
You can do so if you like, but personally, I always found keyrings to be security theatre, unless they are set up to ask for confirmation on every access, which almost no one ever does. And note that some systems, especially Linux ones, may not have a functional keyring at all, so you will need to have a fallback mechanism in place as well.
|
08-25-2019, 05:16 AM | #7 |
Guru
Posts: 927
Karma: 1177583
Join Date: Dec 2016
Location: Goiânia - Brazil
Device: iPad, Kindle Paperwhite
|
Good point.
Just one last question: how does calibre handle user credentials for recipes? How does it store them? |
08-25-2019, 08:17 AM | #8 |
creator of calibre
Posts: 43,858
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
IIRC, they are just stored in a config file using some simple obfuscation to deter casual snooping.
|
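The pattern discussed in posts #6 and #8 (try the OS keyring, fall back to an obfuscated config file when no functional keyring exists), as an added example that is not part of any post and is not calibre's own code. It assumes the third-party `keyring` package; `SERVICE`, the function names and the JSON file layout are hypothetical, and the base64 fallback only deters casual snooping.

```python
import base64
import json
import os

SERVICE = "example-plugin"  # hypothetical service name (assumption)

def system_keyring():
    try:  # third-party `keyring` package; may be absent
        import keyring
        return keyring
    except ImportError:
        return None

def read_store(path):
    try:
        with open(path, encoding="utf-8") as f:
            return json.load(f)
    except (FileNotFoundError, ValueError):
        return {}

def write_store(path, data):  # owner-only file; mode applies on creation only
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(data, f)
    os.chmod(path, 0o600)

def save_password(user, password, path, backend=None):
    backend = backend or system_keyring()
    data = read_store(path)
    try:
        if backend is None:
            raise RuntimeError("keyring module not installed")
        backend.set_password(SERVICE, user, password)
        data.pop(user, None)  # leave no obfuscated copy behind
    except Exception:  # keyring.errors.KeyringError or no usable backend
        data[user] = base64.b64encode(password.encode()).decode()  # obfuscation only
    write_store(path, data)
    return "file" if user in data else "keyring"

def load_password(user, path, backend=None):
    backend = backend or system_keyring()
    try:
        found = backend.get_password(SERVICE, user) if backend else None
    except Exception:  # keyring unusable: fall back to the file
        found = None
    blob = read_store(path).get(user)
    if found is None and blob is not None:
        found = base64.b64decode(blob).decode()
    return found
```

Passing `backend` explicitly lets the fallback path be exercised on a machine that does have a working keyring.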