1
00:00:00,000 --> 00:00:00,500

2
00:00:00,500 --> 00:00:03,720
SPEAKER 1: And I'm just wondering, what are of the typical conventions

3
00:00:03,720 --> 00:00:11,290
to basic security management for doing development or doing

4
00:00:11,290 --> 00:00:15,700
post development for managing apps, or what should I

5
00:00:15,700 --> 00:00:19,780
even do trying to get into network security or cyber security,

6
00:00:19,780 --> 00:00:24,130
or with Python, or like if I have some analytic skills with Python,

7
00:00:24,130 --> 00:00:27,880
and so on and so forth, what should I study and stuff like that?

8
00:00:27,880 --> 00:00:28,547
SPEAKER 2: Sure.

9
00:00:28,547 --> 00:00:30,338
Why don't I answer the first part, and then

10
00:00:30,338 --> 00:00:31,990
turn the latter part over to Brian.

11
00:00:31,990 --> 00:00:36,880
So if you are live streaming your code and with it your secret keys

12
00:00:36,880 --> 00:00:38,260
on the internet, don't.

13
00:00:38,260 --> 00:00:39,880
That is bad.

14
00:00:39,880 --> 00:00:42,520
You answered the questions yourself already.

15
00:00:42,520 --> 00:00:45,220
If you recall-- if you've taken CS50 or CS50 Web,

16
00:00:45,220 --> 00:00:49,148
you might recall that anytime we dealt with secrets, like API keys,

17
00:00:49,148 --> 00:00:51,940
we would encourage you to put them into what are called environment

18
00:00:51,940 --> 00:00:54,860
variables, which put them into the computer's memory,

19
00:00:54,860 --> 00:00:57,400
but in a place where it's not in your code, which

20
00:00:57,400 --> 00:01:00,430
means people on the internet can't see it if you're live streaming.

21
00:01:00,430 --> 00:01:03,970
And you don't accidentally therefore push it to GitHub

22
00:01:03,970 --> 00:01:07,810
or save it in your code repository, if you're using version control.

23
00:01:07,810 --> 00:01:10,120
So generally speaking, anything you put in your code

24
00:01:10,120 --> 00:01:11,920
really shouldn't be that sensitive.

25
00:01:11,920 --> 00:01:14,920
You should not have passwords, not secret keys or the like.

26
00:01:14,920 --> 00:01:17,770
Use some other mechanism for those.

27
00:01:17,770 --> 00:01:21,260
As for Python itself and security practices and learning more,

28
00:01:21,260 --> 00:01:23,630
Brian, do you want to take it from there?

29
00:01:23,630 --> 00:01:26,630
SPEAKER 3: Yeah, I mean, certainly if you're interested in learning more

30
00:01:26,630 --> 00:01:29,600
about security, the domain I'd suggest looking into

31
00:01:29,600 --> 00:01:31,520
is the whole world of cryptography, which

32
00:01:31,520 --> 00:01:34,490
is this very sort of vast discipline within computer

33
00:01:34,490 --> 00:01:38,360
science all about trying to communicate things securely,

34
00:01:38,360 --> 00:01:42,740
which is becoming very, very necessary in the context of the internet,

35
00:01:42,740 --> 00:01:45,103
where you want to be able to send messages to someone

36
00:01:45,103 --> 00:01:47,270
across the internet, but you want to do so securely,

37
00:01:47,270 --> 00:01:49,062
so that nobody in the middle is going to be

38
00:01:49,062 --> 00:01:51,830
able to access whatever information you're trying to send them.

39
00:01:51,830 --> 00:01:54,590
And there are a whole bunch of now algorithms and libraries

40
00:01:54,590 --> 00:01:58,100
that exist in languages like Python that might be worth exploring there.

41
00:01:58,100 --> 00:02:00,350
And this kind of cryptography is the basis

42
00:02:00,350 --> 00:02:03,080
for how communication over the internet works.

43
00:02:03,080 --> 00:02:06,010
It's the basis for how cryptocurrencies like Bitcoin work,

44
00:02:06,010 --> 00:02:08,330
if you're familiar with or have heard of those.

45
00:02:08,330 --> 00:02:11,720
So a lot of applications now have these cryptographic techniques.

46
00:02:11,720 --> 00:02:15,270
And we talk about these a little bit in CS50 in the web programming class,

47
00:02:15,270 --> 00:02:18,710
but definitely a lot more there to explore too.

48
00:02:18,710 --> 00:02:20,000