stuff ={
"data": "user_data",
}
http = urllib3.PoolManager(
cert_reqs="CERT_REQUIRED",
ca_certs='cert.pem')
resp = http.request(method='POST', url='https://localhost:8080/example', body= json.dumps(stuff), headers={'Content-Type': 'application/json'})
very_private_script = resp.data.decode('utf-8')
exec(very_private_script)
This is a script that interacts with a Node.js server, the node.js looks if the user is registred and has payed the software and some other algorithms and if the used has payed the software the node.js sends very_private_script which is the software (the software is very secret). I’am very worried if someone would run a debugger, inspect the memory and find out the contents inside very_private_script.
I wanted to note that this is a HTTPS connection so the requests can’t be intercepted
And I wanted to ask it is safe what I did up there and it is any risk of revealing the contents inside very_private_script?
endri brahushi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.