python连接到postgresql的最佳实践是什么?
[英]What is the best practice for python connecting to postgresql?
问题描述
I'm working on a python script that will need to connect to a postgreSQL server. 
我正在研究需要连接到postgreSQL服务器的python脚本。 What the best practice for the username and password? 用户名和密码的最佳做法是什么? In this tutorial ZetCode is just using the username and password (if needed) in the code itself. 在本教程中,ZetCode仅在代码本身中使用用户名和密码(如果需要)。 Is this the right way or should there be some sort of hashed file to read from? 这是正确的方法还是应该读取某种哈希文件?
http://zetcode.com/db/postgresqlpythontutorial/ http://zetcode.com/db/postgresqlpythontutorial/
1 个解决方案
解决方案1
0 已采纳 2014-03-08 14:25:06
Store the username and password in a file, then restricting access to that file would be a good start. 将用户名和密码存储在文件中,然后限制对该文件的访问将是一个好的开始。
Storing a hashed username or password won't work, because you cannot undo a hash function. 由于无法撤消哈希函数,因此无法存储哈希的用户名或密码。
If you think that storing the username and password in plain text isn't secure enough in your situation, encrypt them. 如果您认为以纯文本格式存储用户名和密码不够安全,请对其进行加密。 When the script starts, it asks for the passphrase. 脚本启动时,它要求输入密码。 That passphrase is then hashed using PBKDF2 or scrypt . 然后使用PBKDF2或scrypt对该密码短语进行哈希处理。 Use that hash as the key for encryption/decryption. 使用该哈希作为加密/解密的密钥。 See cryptographic right answers . 请参阅加密正确答案 。
This does mean that your script needs operator input every time it starts! 这确实意味着您的脚本每次启动时都需要操作员输入!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.