[Feature Request] Password to lock Pythonista App for Parental Control
Hi, I gave an iPad for my kids as their main computer for study. I set parental control to limit their access to certain website but wanna install Pythonista on it to let them run some scripts for study and entertainment purpose. I don't want them to edit or create any scripts but run them as extension or through the home screen. Is it possible to add a feature to lock the app with password ?
@Phuket2 Oh, it is great to know we can add Touch ID authentication in our script. Though the iPad for my kids is a quite old one (ipad 4) and have no touch ID support. But I can try to write a script to request password if the pythonista_startup.py method works.
@henryaukc , something like the below in your pythonista_startup.py might be ok. But you have to remember Pythonista needs to be closed down by swiping it out of the list of Apps for it to work. The startup file is only run when Pythonista is not in memory.
I think this is ok for accidental use. But it's not secure. You can go into safari and enter pythonista3:// in the URL bar and Pythonista will open bypassing the startup sequence. I am not sure exactly what it does, but it's a sort of Hail Mary to get back into Pythonista if something goes wrong when it's loading. Just by passes some code, the pythonista_startup.py being one of those things.
Also you don't have to have your password as plain text as I have done in the example. You could use Pythonista's keychain module to store and retrieve your password. It's very easy to use.
Then the print msg in my example is just to scare kids 😱But there is no reason why on each bad attempt you couldn't send yourself an email or something more sophisticated.
while True: x= console.input_alert('please enter password', hide_cancel_button=True) if x != 'dad': print('failed, sending sms to dad') else: break
For this example I'd use hashlib rather than a cleartext pw or keychain, since it is still easy for the user to access in either case.
for the goal of "protecting scripts", just use chmod to remove write access to a folder of important scripts for example.
For the goal of protecting what the little ones see on the web, consider a router based filtering approach. even if your router does not directly support parental controls, most let you specify a dns server, and you could use the ironically named OpenDNS which provides dns based blocking.
That's better than trying to restrict access to a specific modules, as was discussed in the other thread, since you can't really do this robustly.
@Phuket2 @jonbThanks a lot! I will search about the hashlib thing. I agree the OpenDNS is a better solution but I just want give a more easier solutions to less technical parents to do it themselves.
ok, I totally misread your original question -- these are your students, not your own kids!
The Restrictions menu in the settings app lets you filter websites. This does turn out to restrict access in a webview inside pythonista as well (anything based on a WebView). You can provide either a "whitelist", or blacklist based in what Apple thinks is adult, or provide your own list.
Now, the restrictions do not apply to urllib/requests or the like. so a kid could in theory make their own "browser" from scratch. That sort of kid will figure out a way around whatever restriction you put in place, and probably gas his own computer/phone at home anyway...
I try to write an authentication script and put it in 'site-packages' as pythonista_startup.py. But it is easily by-passed even I typed the wrong password, it gave me some time to press the stop button for the script in-between the validating process. Seems like this is not a possible method to lock the pythonista environment with password.
from passlib.hash import pbkdf2_sha256 import dialogs import os file = './.passwd' if not os.path.isfile(file): p1 = None p2 = 'password' while p1 != p2: p1 = dialogs.password_alert('Create a password:\nPleaes enter your password', hide_cancel_button=True) if len(p1) == 0: dialogs.hud_alert('Password can\'t be empty!') continue p2 = dialogs.password_alert('Pleaes enter your password again to confirm', hide_cancel_button=True) if p1 != p2: dialogs.hud_alert('The password you entered does not match. Try again') hash = pbkdf2_sha256.encrypt(p1, rounds=200000, salt_size=16) with open(file, 'w+') as F: F.write(hash) if os.path.isfile(file) and os.path.getsize(file) > 0: dialogs.hud_alert('Your password has been saved successfully!') else: dialogs.hud_alert('Error! Password has not been saved!') else: p1 = None trial = 0 success = False while not success: p1 = dialogs.password_alert('Pleaes enter your password', hide_cancel_button=True) with open(file, 'r') as F: hash = F.read() success = pbkdf2_sha256.verify(p1, hash) if success: dialogs.hud_alert('Login Success!') else: dialogs.hud_alert('Login Failed! Try again!') trial += 1
Any method can be called to quit Pythonista if too many failed attempt?
you should be able to wrap the script in a try/except KeyboardInterrupt and then force quit if a KeyboardInterrupt happens.
you can use
import objc_util ObjCInstance(1)
to force a crash.
Alternatively, we could use objc to remove the X button.
@jonB really? We can even remove that 'X' button? That's so powerful... Can we just stop responding to the touch events outside the dialog box? Then no one can stop the script or modify any codes when running the login script.
os.abort()is the "safer" way to force-quit Pythonista, by the way. It should be somewhat cleaner than
os._exit(0)or accessing bad memory at least.
Thanks. I am thinking to open a full-screen window so that the user can't press the stop script button or modify the scripts...