且构网

分享程序员开发的那些事...
且构网 - 分享程序员编程开发的那些事

数据库凭据是否以纯文本格式存储可以吗?

更新时间:2023-02-07 09:23:05

你是正确的。但您可以通过以下方式提高安全性:

You are correct. But you can increase security by:


  • 正确设置权限(这将取决于您的设置)。

  • Setting the permissions correctly (this will depend on your set up). Ideally only python should be able to read the file.

将文件存储在 www htdocs root。

Storing the file out of the www or htdocs root. If at this point an attacker still has access to them, you are screwed anyways.

为了增加安全性,您可以使用对称加密来加密连接设置:AES)。将密钥存储在其他地方。因此,即使有人设法访问连接设置,他们仍然需要找到密钥。主要缺点是现在必须重写连接方法。

For added security, you can encrypt the connection settings using symmetric encryption (eg: AES). Store the key somewhere else. So even if someone managed to access the connection settings, they'd still need to find the key. The main drawback is that now you have to rewrite the connection method.