All geek questions in one place

How is python-keyring implemented on Windows?

How does python-keyring provide security on Windows?

GNOME / KDE on Linux prompts the user to enter their password to authorize access to the keyword for each application.

In Windows there is no such invitation when the application accesses the key fob. What stops a random python application to extract a password from a keychain by running

import keyring get_password(service, username)

How is user consent implemented? Is the whole concept, at least in Windows, based on the assumption that all installed programs are "reliable"?

+4
source share
2 answers

Having studied this a bit, it looks like passwords are stored in the Windows credential store, which is equivalent to the Gnome or KDE keys. In fact, you can see the ones you saved by opening Windows Credential Manager. I get there just by typing Credential Manager in Windows 8.1 from the initial screen, but I think you can also go to it from the user accounts page.

In any case, as you can see from the attached image, the password that I added to keyring as a test is displayed under Windows Credentials -> Generic Credentials -> keyring_demo . Opening this window as another user on the PC does not show this password, therefore it seems to be protected from other users. This screen also allows you to revoke or change passwords.

Windows credential manager

Regarding how the consent will be implemented, I am sure that keyring will work until your Windows user account logs in, but I do not know the specifics.

+2
source 
 from keyring.backend import KeyringBackend class SimpleKeyring(KeyringBackend): """Simple Keyring is a keyring which can store only one password in memory. """ def __init__(self): self.password = '' def supported(self): return 0 def get_password(self, service, username): return self.password def set_password(self, service, username, password): self.password = password return 0 def delete_password(self, service, username): self.password = None
-4
source

Source: https://habr.com/ru/post/946040/

More articles:


All Articles