encrypting passwords in a python conf file on a windows platform

I have a script running on a remote machine. db info is stored in a configuration file. I want to be able to encrypt the password in the conf text so that no one can just read the file and gain access to the database. This is my current set up:

My conf file sensitive info is encoded with base64 module. The main script then decodes the info. I have compiled the script using py2exe to make it a bit harder to see the code. My question is:

Is there a better way of doing this? I know that base64 is not a very safe way of encrypting. Is there a way to encode using a key? I also know that py2exe can be reversed engineered very easily开发者_运维知识库 and the key could be found. Any other thoughts?

I am also running this script on a windows machine, so any modules that are suggested should be able to run in a windows environment with ease. I know there are several other posts on this topic but I have not found one with a windows solution, or at least one that is will explained.

Honestly I would use some other back-end. AxCrypt has command line switches. You can then easily write a wrapper in Python (if you don't want to use AxCrypt itself).

Of course if you want a fairly simple way that may be more secure if applied properly, you can use XOR encryption - it's really easy to do such a thing with Python. Just make sure to take into account the weaknesses and strengths. But if you're confident enough that you can make a secure(??) key, it might work for you.

However, the AxCrypt solution is probably just as easy and likely to be stronger. Just keep in mind that nothing is really unbreakable, it's really a question of how long it will take them to break it.

If you want to be able to get back the password (instead you should hash it), you could always salt it for extra measures. But that wouldn't be much help if the user can get the salt out of the executable.

Really the best way would be to not let them access the database at all. Use a web service or a server on your DB machine.