Menu
The application I develop dictates that the software should prevent unauthorized access. In order to implement this, I've used user and password based authentication with two roles available - standard user and administrator.
This was implemented completely in Python by using SQLAlchemy for interacting with the database, PyQt for user interface.
The entered password is hashed using brcypt and then compared with the hash present on the database for the respective username (standard authentication technique used in web services).
After successful authentication, a variable called self.authenticatedUser holds an SQLAlchemy instance of class User.
The consequence of this implementation is that anyone can edit the login method to simply query the database directly for an object of type User with username admin and assign the returned SQLAlchemy instance of User to self.authenticatedUser and bingo the hacker has access to the system.
Since, I am distributing this software written in python, it is a matter of minutes for an hacker(or any sort of programmer) to disable the authentication mechanism. Also, I cannot use a web service here to authenticate or authorize by getting login login token because the software would be used in an environment with an air gap.
Are there any concrete ways to implement this in a much secure way ?
265
Everything is just a matter of how hard is to reverse engineer the code, so here are some techniques to "protect" it.
174
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
