<a href="https://colab.research.google.com/github/2303A52096/AI-Assistant-coding/blob/main/_2096ass_5_5.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

#ASSIGNMENT 5.5

### 1. Naive (Basic) Approach

This method checks divisibility by every number from 2 up to `n-1`. If any number divides `n` evenly, then `n` is not prime. This approach is simple to understand but inefficient for large numbers.

In [3]:
def is_prime_naive(n):
    if n < 2:
        return False
    for i in range(2, n):
        if n % i == 0:
            return False
    return True

# Test cases
print(f"Is 7 prime (naive)? {is_prime_naive(7)}")
print(f"Is 10 prime (naive)? {is_prime_naive(10)}")
print(f"Is 2 prime (naive)? {is_prime_naive(2)}")
print(f"Is 1 prime (naive)? {is_prime_naive(1)}")
print(f"Is 97 prime (naive)? {is_prime_naive(97)}")

Is 7 prime (naive)? True
Is 10 prime (naive)? False
Is 2 prime (naive)? True
Is 1 prime (naive)? False
Is 97 prime (naive)? True


### 2. Optimized Approach

This method uses a few optimizations:
*   It handles the base cases for 0, 1, 2, and 3.
*   It knows that all primes greater than 3 can be expressed in the form 6k ± 1.
*   It checks for divisibility only up to the square root of `n`, because if `n` has a divisor greater than its square root, it must also have a divisor smaller than its square root.
*   It checks divisibility only by 2, 3, and then numbers of the form `6k ± 1`.

In [2]:
import math
def is_prime_optimized(n):
    if n < 2:
        return False
    if n <= 3:
        return True
    if n % 2 == 0 or n % 3 == 0:
        return False

    i = 5
    while i * i <= n:
        if n % i == 0 or n % (i + 2) == 0:
            return False
        i += 6
    return True

# Test cases
print(f"Is 7 prime (optimized)? {is_prime_optimized(7)}")
print(f"Is 10 prime (optimized)? {is_prime_optimized(10)}")
print(f"Is 2 prime (optimized)? {is_prime_optimized(2)}")
print(f"Is 1 prime (optimized)? {is_prime_optimized(1)}")
print(f"Is 97 prime (optimized)? {is_prime_optimized(97)}")
print(f"Is 101 prime (optimized)? {is_prime_optimized(101)}")
print(f"Is 99 prime (optimized)? {is_prime_optimized(99)}")

Is 7 prime (optimized)? True
Is 10 prime (optimized)? False
Is 2 prime (optimized)? True
Is 1 prime (optimized)? False
Is 97 prime (optimized)? True
Is 101 prime (optimized)? True
Is 99 prime (optimized)? False


### File Processing with Error Handling

This program demonstrates how to read data from a file while handling common exceptions that might occur during file operations. It uses `try-except` blocks to gracefully manage errors like a file not being found, insufficient permissions to access a file, or any other unexpected issues.

First, let's create a sample file to work with.

In [5]:
# Create a dummy file for demonstration
file_name = 'sample_data.txt'
try:
    with open(file_name, 'w') as f:
        f.write('Line 1: Hello Python\n')
        f.write('Line 2: Error handling example\n')
        f.write('Line 3: End of file\n')
    print(f"Successfully created '{file_name}' for testing.")
except Exception as e:
    print(f"Error creating file '{file_name}': {e}")

Successfully created 'sample_data.txt' for testing.


Now, here's the main program to read and process the file, incorporating `try-except` blocks for error handling.

In [6]:
def read_and_process_file(file_path):
    try:
        # Attempt to open the file in read mode
        with open(file_path, 'r') as file:
            print(f"\nSuccessfully opened '{file_path}'. Reading content...")
            data = file.read()
            print("File content:")
            print(data)
            # Example processing: count lines
            lines = data.strip().split('\n')
            print(f"Number of lines in the file: {len(lines)}")

    except FileNotFoundError:
        print(f"Error: The file '{file_path}' was not found. Please check the path and filename.")
    except PermissionError:
        print(f"Error: You do not have sufficient permissions to access '{file_path}'.")
    except Exception as e:
        # Catch any other unexpected exceptions
        print(f"An unexpected error occurred: {e}")

# --- Test cases ---
print("--- Testing with an existing file ---")
read_and_process_file('sample_data.txt')

print("\n--- Testing with a non-existent file ---")
read_and_process_file('non_existent_file.txt')

# To test PermissionError, you might need to create a file with restricted permissions
# (e.g., in a Linux/macOS environment using chmod)
# For example, create a file and remove read permissions:
# with open('restricted_file.txt', 'w') as f: f.write('secret data')
# import os; os.chmod('restricted_file.txt', 0o000) # This makes it unreadable
# print("\n--- Testing with a restricted file ---")
# read_and_process_file('restricted_file.txt')
# os.chmod('restricted_file.txt', 0o644) # Restore permissions for cleanup
# os.remove('restricted_file.txt') # Clean up


--- Testing with an existing file ---

Successfully opened 'sample_data.txt'. Reading content...
File content:
Line 1: Hello Python
Line 2: Error handling example
Line 3: End of file

Number of lines in the file: 3

--- Testing with a non-existent file ---
Error: The file 'non_existent_file.txt' was not found. Please check the path and filename.


### Recursive Fibonacci Function

This method defines the Fibonacci sequence recursively. Each number in the sequence is the sum of the two preceding ones, usually starting with `0` and `1`. The base cases are `F(0) = 0` and `F(1) = 1`.

In [4]:
def fibonacci_recursive(n):
    # Base cases for the Fibonacci sequence
    if n <= 0:
        return 0
    elif n == 1:
        return 1
    # Recursive step: F(n) = F(n-1) + F(n-2)
    else:
        return fibonacci_recursive(n-1) + fibonacci_recursive(n-2)

# Test cases
print(f"Fibonacci(0): {fibonacci_recursive(0)}")    # Expected: 0
print(f"Fibonacci(1): {fibonacci_recursive(1)}")    # Expected: 1
print(f"Fibonacci(2): {fibonacci_recursive(2)}")    # Expected: 1
print(f"Fibonacci(3): {fibonacci_recursive(3)}")    # Expected: 2
print(f"Fibonacci(5): {fibonacci_recursive(5)}")    # Expected: 5
print(f"Fibonacci(10): {fibonacci_recursive(10)}")  # Expected: 55

Fibonacci(0): 0
Fibonacci(1): 1
Fibonacci(2): 1
Fibonacci(3): 2
Fibonacci(5): 5
Fibonacci(10): 55


# Task
Create a Python program for a basic insecure user login system that stores passwords in plain text and lacks input validation. Then, analyze its security flaws. Following this, develop a secure version of the login system that uses password hashing (e.g., with `bcrypt`) and includes robust input validation. Finally, summarize the differences and improvements between the insecure and secure versions.

## Generate Basic Insecure Login System

### Subtask:
Create a Python program for a basic user login system. This version will store passwords in plain text and lack robust input validation, demonstrating common security vulnerabilities.


## Generate Basic Insecure Login System

### Subtask:
Create a Python program for a basic user login system. This version will store passwords in plain text and lack robust input validation, demonstrating common security vulnerabilities.


**Reasoning**:
The next step is to implement the `register_insecure_user` function and the `insecure_users` dictionary as per the subtask instructions.



In [7]:
insecure_users = {}

def register_insecure_user(username, password):
    """Registers a user with a plain-text password (insecure)."""
    insecure_users[username] = password
    print(f"User '{username}' registered (insecurely).")

# Test registration
register_insecure_user("admin", "password123")
register_insecure_user("user1", "testpass")
print(f"Current users: {insecure_users}")

User 'admin' registered (insecurely).
User 'user1' registered (insecurely).
Current users: {'admin': 'password123', 'user1': 'testpass'}


**Reasoning**:
Now, I will implement the `login_insecure_user` function to check user credentials against the stored plain-text passwords, as outlined in the subtask instructions. This function will demonstrate the insecure login mechanism.



In [9]:
def login_insecure_user(username, password):
    """Logs in a user by checking plain-text password (insecure)."""
    if username in insecure_users:
        if insecure_users[username] == password:
            print(f"Login successful for user '{username}'.")
            return True
        else:
            print(f"Login failed for user '{username}': Incorrect password.")
            return False
    else:
        print(f"Login failed: User '{username}' not found.")
        return False
# Demonstrate login functionality
print("\n--- Testing Insecure Login ---")
login_insecure_user("admin", "password123")     # Correct credentials
login_insecure_user("user1", "wrongpass")      # Incorrect password
login_insecure_user("admin", "wrongadminpass") # Incorrect password
login_insecure_user("user2", "somepass")       # Non-existent user
login_insecure_user("user1", "testpass")       # Correct credentials


--- Testing Insecure Login ---
Login successful for user 'admin'.
Login failed for user 'user1': Incorrect password.
Login failed for user 'admin': Incorrect password.
Login failed: User 'user2' not found.
Login successful for user 'user1'.


True

### Analyze Security Flaws of the Insecure Version

This section will analyze the vulnerabilities present in the basic insecure user login system, specifically focusing on the plain-text password storage and the lack of input validation.

### Analyze Security Flaws of the Insecure Version

This section will analyze the vulnerabilities present in the basic insecure user login system, specifically focusing on the plain-text password storage and the lack of input validation.

### Detailed Analysis of Insecure Login System's Security Flaws

The insecure login system developed previously exhibits several critical security vulnerabilities due to its design choices:

1.  **Plain-Text Password Storage**: This is the most severe flaw. Passwords are stored directly as submitted by the user (e.g., in the `insecure_users` dictionary). If this dictionary (or a corresponding database in a real application) is ever accessed by an unauthorized party (e.g., via a data breach, insider threat, or unpatched vulnerability), all user passwords are immediately compromised. Attackers gain direct access to clear-text credentials, which can then be used to access other services where users might reuse passwords.

2.  **Lack of Input Validation/Sanitization**: The system accepts any string as a username or password without checks. This opens up several potential issues:
    *   **Injection Attacks (Hypothetical)**: While our simple dictionary-based system doesn't directly suffer from SQL injection or command injection, a real-world application built on this insecure principle (e.g., interacting with a database or OS commands) would be highly vulnerable. Malicious input could alter queries or execute unintended commands.
    *   **Arbitrary Data Entry**: Users can enter extremely long usernames or passwords. In systems with fixed-size buffers, this could lead to buffer overflows. Even without that, it can lead to unnecessary storage consumption or unexpected behavior.
    *   **Weak Password Enforcement**: There are no rules for password complexity (minimum length, requiring special characters, numbers, etc.). Users can set easily guessable passwords like '123' or 'password', making them highly susceptible to dictionary attacks.

3.  **No Password Hashing or Salting**: Even if passwords weren't stored in plain text but were somehow

### Detailed Analysis of Insecure Login System's Security Flaws

The insecure login system developed previously exhibits several critical security vulnerabilities due to its design choices:

1.  **Plain-Text Password Storage**: This is the most severe flaw. Passwords are stored directly as submitted by the user (e.g., in the `insecure_users` dictionary). If this dictionary (or a corresponding database in a real application) is ever accessed by an unauthorized party (e.g., via a data breach, insider threat, or unpatched vulnerability), all user passwords are immediately compromised. Attackers gain direct access to clear-text credentials, which can then be used to access other services where users might reuse passwords.

2.  **Lack of Input Validation/Sanitization**: The system accepts any string as a username or password without checks. This opens up several potential issues:
    *   **Injection Attacks (Hypothetical)**: While our simple dictionary-based system doesn't directly suffer from SQL injection or command injection, a real-world application built on this insecure principle (e.g., interacting with a database or OS commands) would be highly vulnerable. Malicious input could alter queries or execute unintended commands.
    *   **Arbitrary Data Entry**: Users can enter extremely long usernames or passwords. In systems with fixed-size buffers, this could lead to buffer overflows. Even without that, it can lead to unnecessary storage consumption or unexpected behavior.
    *   **Weak Password Enforcement**: There are no rules for password complexity (minimum length, requiring special characters, numbers, etc.). Users can set easily guessable passwords like '123' or 'password', making them highly susceptible to dictionary attacks.

3.  **No Password Hashing or Salting**: Even if passwords weren't stored in plain text but were somehow *encrypted*, without proper hashing (one-way transformation) and salting (adding random data to each password before hashing), they could still be vulnerable. Hashing prevents direct retrieval of the original password, and salting prevents pre-computation attacks like rainbow tables. The current system offers no such protection, making it easy for an attacker who gains access to the password storage to immediately use the passwords.

### Detailed Analysis of Insecure Login System's Security Flaws

The insecure login system developed previously exhibits several critical security vulnerabilities due to its design choices:

1.  **Plain-Text Password Storage**: This is the most severe flaw. Passwords are stored directly as submitted by the user (e.g., in the `insecure_users` dictionary). If this dictionary (or a corresponding database in a real application) is ever accessed by an unauthorized party (e.g., via a data breach, insider threat, or unpatched vulnerability), all user passwords are immediately compromised. Attackers gain direct access to clear-text credentials, which can then be used to access other services where users might reuse passwords.

2.  **Lack of Input Validation/Sanitization**: The system accepts any string as a username or password without checks. This opens up several potential issues:
    *   **Injection Attacks (Hypothetical)**: While our simple dictionary-based system doesn't directly suffer from SQL injection or command injection, a real-world application built on this insecure principle (e.g., interacting with a database or OS commands) would be highly vulnerable. Malicious input could alter queries or execute unintended commands.
    *   **Arbitrary Data Entry**: Users can enter extremely long usernames or passwords. In systems with fixed-size buffers, this could lead to buffer overflows. Even without that, it can lead to unnecessary storage consumption or unexpected behavior.
    *   **Weak Password Enforcement**: There are no rules for password complexity (minimum length, requiring special characters, numbers, etc.). Users can set easily guessable passwords like '123' or 'password', making them highly susceptible to dictionary attacks.

3.  **No Password Hashing or Salting**: Even if passwords weren't stored in plain text but were somehow *encrypted*, without proper hashing (one-way transformation) and salting (adding random data to each password before hashing), they could still be vulnerable. Hashing prevents direct retrieval of the original password, and salting prevents pre-computation attacks like rainbow tables. The current system offers no such protection, making it easy for an attacker who gains access to the password storage to immediately use the passwords.

### Detailed Analysis of Insecure Login System's Security Flaws

The insecure login system developed previously exhibits several critical security vulnerabilities due to its design choices:

1.  **Plain-Text Password Storage**: This is the most severe flaw. Passwords are stored directly as submitted by the user (e.g., in the `insecure_users` dictionary). If this dictionary (or a corresponding database in a real application) is ever accessed by an unauthorized party (e.g., via a data breach, insider threat, or unpatched vulnerability), all user passwords are immediately compromised. Attackers gain direct access to clear-text credentials, which can then be used to access other services where users might reuse passwords.

2.  **Lack of Input Validation/Sanitization**: The system accepts any string as a username or password without checks. This opens up several potential issues:
    *   **Injection Attacks (Hypothetical)**: While our simple dictionary-based system doesn't directly suffer from SQL injection or command injection, a real-world application built on this insecure principle (e.g., interacting with a database or OS commands) would be highly vulnerable. Malicious input could alter queries or execute unintended commands.
    *   **Arbitrary Data Entry**: Users can enter extremely long usernames or passwords. In systems with fixed-size buffers, this could lead to buffer overflows. Even without that, it can lead to unnecessary storage consumption or unexpected behavior.
    *   **Weak Password Enforcement**: There are no rules for password complexity (minimum length, requiring special characters, numbers, etc.). Users can set easily guessable passwords like '123' or 'password', making them highly susceptible to dictionary attacks.

3.  **No Password Hashing or Salting**: Even if passwords weren't stored in plain text but were somehow *encrypted*, without proper hashing (one-way transformation) and salting (adding random data to each password before hashing), they could still be vulnerable. Hashing prevents direct retrieval of the original password, and salting prevents pre-computation attacks like rainbow tables. The current system offers no such protection, making it easy for an attacker who gains access to the password storage to immediately use the passwords.

## Generate Secure Login System

### Subtask:
Develop a revised Python program for the user login system. This secure version will implement password hashing using a library like `bcrypt` and include proper input validation to mitigate the flaws identified in the basic version.


**Reasoning**:
The first step in creating the secure login system is to install the `bcrypt` library, as specified in the instructions. This is a prerequisite for hashing passwords.



In [10]:
pip install bcrypt
print("bcrypt library installed.")

SyntaxError: invalid syntax (ipython-input-410033240.py, line 1)

**Reasoning**:
The previous command `pip install bcrypt` resulted in a `SyntaxError` because shell commands like `pip install` need to be prefixed with `!` when executed in a Python code cell within Colab. I will add the `!` to correctly execute the installation.



In [12]:
!pip install bcrypt
print("bcrypt library installed.")

bcrypt library installed.


**Reasoning**:
Now that `bcrypt` is installed, I need to initialize an empty dictionary `secure_users` to store the user credentials (hashed passwords) for the secure login system, as instructed in step 2 of the subtask.



In [13]:
secure_users = {}
print("Initialized 'secure_users' dictionary.")

Initialized 'secure_users' dictionary.


**Reasoning**:
Following the instructions, I will now define the `register_secure_user` function, incorporating input validation for both username and password, and using `bcrypt` to hash the passwords before storing them in the `secure_users` dictionary.



In [14]:
import bcrypt
import re # Import regex for advanced password validation

def register_secure_user(username, password):
    """Registers a user with a hashed password and input validation."""
    # Input Validation
    if not isinstance(username, str) or not isinstance(password, str):
        print("Registration failed: Username and password must be strings.")
        return False

    if not (3 <= len(username) <= 20) or not re.fullmatch(r'[a-zA-Z0-9_]+', username):
        print("Registration failed: Username must be 3-20 alphanumeric characters or underscores.")
        return False

    if len(password) < 8:
        print("Registration failed: Password must be at least 8 characters long.")
        return False
    if not re.search(r'[A-Z]', password):
        print("Registration failed: Password must contain at least one uppercase letter.")
        return False
    if not re.search(r'[a-z]', password):
        print("Registration failed: Password must contain at least one lowercase letter.")
        return False
    if not re.search(r'\d', password):
        print("Registration failed: Password must contain at least one digit.")
        return False
    if not re.search(r'[^a-zA-Z0-9]', password):
        print("Registration failed: Password must contain at least one special character.")
        return False
    if username in secure_users:
        print(f"Registration failed: Username '{username}' already exists.")
        return False

    # Hash the password
    # bcrypt expects bytes, so encode the password
    hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())

    secure_users[username] = hashed_password
    print(f"User '{username}' registered securely.")
    return True

# Test cases for registration
print("\n--- Testing Secure Registration ---")
register_secure_user("secure_admin", "Pass@word123") # Valid
register_secure_user("testuser", "MyStrongPass1!") # Valid
register_secure_user("secure_admin", "AnotherPass1!") # Duplicate username
register_secure_user("short", "pass123") # Short username
register_secure_user("user123", "short") # Short password
register_secure_user("user_no_upper", "password123!") # No uppercase
register_secure_user("user_no_digit", "Password!") # No digit
register_secure_user("user_no_special", "Password123") # No special char
print(f"Current secure users: {secure_users}")


--- Testing Secure Registration ---
User 'secure_admin' registered securely.
User 'testuser' registered securely.
Registration failed: Username 'secure_admin' already exists.
Registration failed: Password must be at least 8 characters long.
Registration failed: Password must be at least 8 characters long.
Registration failed: Password must contain at least one uppercase letter.
Registration failed: Password must contain at least one digit.
Registration failed: Password must contain at least one special character.
Current secure users: {'secure_admin': b'$2b$12$RiujhO.l6lh4EmRTWTn9yOxhXmq15ujqVoDp/q3ZAVmUzQdKiECbu', 'testuser': b'$2b$12$voVDrxyXgMvNEHvzjsmmSOHJV4V1n8Zb0Sg16h3aSR0DEeHCyV7ia'}


**Reasoning**:
Now that the `register_secure_user` function is implemented and tested, I will define the `login_secure_user` function, which will include input validation and use `bcrypt.checkpw()` to verify provided passwords against the stored hashed passwords, as per the subtask instructions.



In [15]:
def login_secure_user(username, password):
    """Logs in a user by verifying hashed password with input validation."""
    # Input Validation (similar to registration)
    if not isinstance(username, str) or not isinstance(password, str):
        print("Login failed: Username and password must be strings.")
        return False

    if not (3 <= len(username) <= 20) or not re.fullmatch(r'[a-zA-Z0-9_]+', username):
        print("Login failed: Invalid username format.")
        return False

    # Password validation on login should generally be less strict than registration
    # to allow users to log in even if password rules change, but a basic check is good.
    if len(password) < 8: # Minimum length check for password
        print("Login failed: Password too short.")
        return False

    if username not in secure_users:
        print(f"Login failed: User '{username}' not found.")
        return False

    stored_hashed_password = secure_users[username]

    # Verify the password
    # bcrypt.checkpw expects bytes for both arguments
    if bcrypt.checkpw(password.encode('utf-8'), stored_hashed_password):
        print(f"Login successful for user '{username}'.")
        return True
    else:
        print(f"Login failed for user '{username}': Incorrect password.")
        return False

# --- Test cases for login ---
print("\n--- Testing Secure Login ---")
login_secure_user("secure_admin", "Pass@word123") # Correct credentials
login_secure_user("testuser", "MyStrongPass1!")   # Correct credentials
login_secure_user("secure_admin", "wrongpassword") # Incorrect password
login_secure_user("non_existent", "SomePass1!")  # Non-existent user
login_secure_user("testuser", "short")          # Password too short
login_secure_user("short", "Pass@word123")       # Invalid username format



--- Testing Secure Login ---
Login successful for user 'secure_admin'.
Login successful for user 'testuser'.
Login failed for user 'secure_admin': Incorrect password.
Login failed: User 'non_existent' not found.
Login failed: Password too short.
Login failed: User 'short' not found.


False

## Final Task

### Subtask:
Summarize the basic and secure login systems, emphasizing the improvements made in the secure version regarding password handling and input validation.


## Summary:

### Q&A
The secure login system significantly improves upon the basic insecure version by addressing critical vulnerabilities in password handling and input validation. The basic system stored passwords in plain text, making them fully exposed if the storage was compromised, and had no input validation, allowing for weak passwords and potential injection risks. The secure version resolves these by:
*   **Password Handling**: Employing `bcrypt` to hash passwords, ensuring that passwords are never stored in plain text. Instead, a one-way cryptographic hash is stored, making it impossible to retrieve the original password even if the hashed data is accessed. Each password is also salted during hashing using `bcrypt.gensalt()`, further protecting against rainbow table attacks.
*   **Input Validation**: Implementing robust validation rules for both usernames and passwords. Usernames must be between 3 and 20 alphanumeric characters or underscores. Passwords require a minimum length of 8 characters and must include at least one uppercase letter, one lowercase letter, one digit, and one special character. This prevents users from setting easily guessable passwords and guards against various input-related attacks.

### Data Analysis Key Findings
*   **Insecure Login System Flaws**:
    *   **Plain-Text Password Storage**: Passwords were stored directly in clear text (e.g., "password123", "testpass"), making them immediately vulnerable to compromise in the event of a data breach.
    *   **Lack of Input Validation**: No checks were performed on usernames or passwords, allowing for arbitrary data entry, weak passwords (e.g., "short"), and potential vulnerabilities to injection attacks in a real-world scenario.
    *   **No Hashing or Salting**: The system offered no cryptographic protection for passwords, leaving them susceptible to direct retrieval and pre-computation attacks like rainbow tables.
*   **Secure Login System Improvements**:
    *   **Password Hashing with `bcrypt`**: Passwords are now hashed using `bcrypt.hashpw()` and `bcrypt.gensalt()`, storing a secure, irreversible hash (e.g., `b'$2b$12$...'`) instead of the plain-text password.
    *   **Robust Input Validation (Registration)**:
        *   Usernames must be 3-20 alphanumeric characters or underscores.
        *   Passwords must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character.
    *   **Input Validation (Login)**: Basic checks like minimum password length (at least 8 characters) and valid username format (3-20 alphanumeric characters or underscores) are applied to enhance security during login attempts.
    *   **Secure Password Verification**: Passwords are verified using `bcrypt.checkpw()`, which safely compares the provided password against the stored hash without exposing the original password.
*   **Demonstrated Functionality**: Both insecure and secure systems were successfully implemented and tested, showing correct registration and login for valid inputs, and appropriate failure messages for invalid or insecure attempts.

### Insights or Next Steps
*   The transition from plain-text storage to `bcrypt` hashing and the implementation of comprehensive input validation significantly elevate the security posture of the login system, protecting user credentials from common attack vectors.
*   Further enhancements could include rate limiting for login attempts to mitigate brute-force attacks, multi-factor authentication (MFA) for an additional layer of security, and logging of security-related events for auditing and intrusion detection.


# Task
Generate a Python script that simulates logging user activity (username, IP address, timestamp), analyze the privacy risks associated with logging sensitive data, identify types of data that should not be logged, and summarize the generated logging script, the privacy risks, and the data types to avoid.

## Generate User Activity Logging Script

### Subtask:
Create a Python script that simulates logging user activity including username, IP address, and timestamp.


**Reasoning**:
I will define the `user_activity_logs` list and the `log_activity` function, then simulate user activities by calling the function multiple times and finally print the collected logs, as per the instructions to create a user activity logging script.



In [16]:
import datetime

# 1. Define an empty list to store log entries
user_activity_logs = []

# 2. Define a function to log activity
def log_activity(username, ip_address, timestamp=None):
    """Logs user activity including username, IP address, and timestamp."""
    # 3. Generate timestamp if not provided and format it
    if timestamp is None:
        timestamp = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")

    # 4. Create a dictionary for the log entry
    log_entry = {
        "username": username,
        "ip_address": ip_address,
        "timestamp": timestamp
    }

    # 5. Append this dictionary to the user_activity_logs list
    user_activity_logs.append(log_entry)
    print(f"Logged activity for {username} from {ip_address} at {timestamp}")

# 6. Call log_activity multiple times to simulate user actions
print("\n--- Simulating User Activity ---")
log_activity("admin", "192.168.1.100")
log_activity("user1", "10.0.0.5", timestamp="2023-10-27 10:30:00") # Provided timestamp
log_activity("guest", "172.16.0.1")
log_activity("user1", "10.0.0.5") # Another activity for user1
log_activity("admin", "192.168.1.101") # Admin from different IP

# 7. Print all the entries stored in the user_activity_logs list
print("\n--- User Activity Logs ---")
for log in user_activity_logs:
    print(log)



--- Simulating User Activity ---
Logged activity for admin from 192.168.1.100 at 2026-01-23 04:36:14
Logged activity for user1 from 10.0.0.5 at 2023-10-27 10:30:00
Logged activity for guest from 172.16.0.1 at 2026-01-23 04:36:14
Logged activity for user1 from 10.0.0.5 at 2026-01-23 04:36:14
Logged activity for admin from 192.168.1.101 at 2026-01-23 04:36:14

--- User Activity Logs ---
{'username': 'admin', 'ip_address': '192.168.1.100', 'timestamp': '2026-01-23 04:36:14'}
{'username': 'user1', 'ip_address': '10.0.0.5', 'timestamp': '2023-10-27 10:30:00'}
{'username': 'guest', 'ip_address': '172.16.0.1', 'timestamp': '2026-01-23 04:36:14'}
{'username': 'user1', 'ip_address': '10.0.0.5', 'timestamp': '2026-01-23 04:36:14'}
{'username': 'admin', 'ip_address': '192.168.1.101', 'timestamp': '2026-01-23 04:36:14'}
