堆栈内存溢出
  简体   繁体   English

Python是获取数据库访问权限的安全方法?

[英]Python a secure way to get the database access?

 原文  2017-09-20 12:05:47       python

问题描述

I'm having some doubts about how can I "secure" the database's information to connect. 我对如何“保护”数据库信息进行连接有一些疑问。 There is someway that I can get the access to the database in a more secure way? 有某种方式可以使我以更安全的方式访问数据库吗? A Rest Api? 休息的阿皮? Or if someone can tell me a more secure that sending the access on the code 或者,如果有人可以告诉我更安全的方法,那就发送代码访问权限

Thanks in advance 提前致谢 

config = {
    'user': 'user',
    'password': 'password.',
    'host': 'localhost',
    'database': 'files_to_check',
    'raise_on_warnings': True,
}

try:
    # Try to connect to database
    cnx = mysql.connector.connect(**config)


    # Pointer of the sql
    cursor = cnx.cursor()

    # Query to get the files from the database
    query = ("SELECT filename FROM filenames")
    queryhash = ("SELECT hash FROM filenames")

    # Execute the query
    cursor.execute(query)

    # select all the filenames from database
    # array to fill with the files from the database
    files_to_check = [str(row[0]) for row in cursor.fetchall()]
    cursor.close()

    cursor = cnx.cursor()
    cursor.execute(queryhash)
    # array to fill with the hash from the database
    hash_to_check = [str(row[0]) for row in cursor.fetchall()]

# Error definition on connection
except mysql.connector.Error as err:
    # Check username and password
    if err.errno == errorcode.ER_ACCESS_DENIED_ERROR:
        print("[*] Username or password are invalid")
    elif err.errno == errorcode.ER_BAD_DB_ERROR:
        # Check if database that are connection exists
        print("[*] Database does not exist")
    else:
        print(err)
else:
    cnx.close()

2 个解决方案

解决方案1
 3  2017-09-20 12:14:24

One way is to use an external config file to store the user, password, and other sensitive information. 一种方法是使用外部配置文件存储用户,密码和其他敏感信息。

Then use your operating system's permission system to restrict access to that file such that your application can read the file, but other unprivileged users can not. 然后,使用操作系统的权限系统来限制对该文件的访问,以使您的应用程序可以读取该文件,而其他非特权用户则不能。

Also make sure that you use a SSL connection to the database. 还要确保您使用与数据库的SSL连接。

You should also look at authentication plugins. 您还应该查看身份验证插件。

解决方案2
 3  2017-09-20 12:14:34

I'm guessing your question is how to not have to include the DB information (host, port, password, etc.) in the code. 我猜您的问题是,如何在代码中不必包含数据库信息(主机,端口,密码等)。 I would say the two easiest ways are: 我会说两种最简单的方法是:

  • Environment variables 环境变量
  • Separate configuration files 单独的配置文件

Environment variables 环境变量 

import os

config = {
    'user': os.getenv('DB_USER'),
    'password': os.getenv('DB_PASSWORD'),
    'host': os.getenv('DB_HOST'),
    'database': os.getenv('DB_DATABASE'),
    'raise_on_warnings': os.getenv('DB_DATABASE', 'true') == 'true',
}

Configuration file 配置文件 

import json

with open('config.json') as file:
    config = json.load(file)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何以安全方式从外部访问PostgreSQL数据库 - How to access PostgreSQL database externally in a secure way 使用python访问PostgreSQL数据库的安全方法 - Secure way of accessing a PostgreSQL database using python 用python 3.3访问mssql数据库的最佳方法 - best way to access mssql database with python 3.3 如何以安全的方式获取日期? - How to get the date in a secure way? 使用Python访问Google Sheet的更好方法 - Better way to get access to Google Sheet with Python 有没有办法从 python 中获取数据库的模式? - Is there a way to get a schema of a database from within python? 使用python数据集访问和关闭postgres数据库的最佳方法 - Best way to access and close a postgres database using python dataset 编写具有Django数据库功能访问权限的Python程序的最简单方法 - Easiest way to write a Python program with access to Django database functionality 使用来自用户数据库的Python凭据安全登录 - Secure login with Python credentials from user database 如何在python中以安全的方式创建目录 - How to create directories in a secure way in python
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM