
How to securely store database credentials in Windows?

I use Python and SQL Server to manage a database, but I do not know the "good practices" of database management and know little about information security.

Is it secure to save database credentials in Windows as environment variables and use them in scripts with os.environ? Like this:

import os
DB_HOST = os.environ['DBHOST']
DB_USER = os.environ['DBUSER']
... 

What is the proper way to store credentials for automated use of databases?

If you are asking whether you should permanently set environment variables on your laptop - I'd avoid that, because any process could list all environment variables on the PC and their stored values quite easily.

Instead - I'd recommend checking out Keyring. This will use the Windows Credential Locker (or other OS-specific keyring services).

Usually secure credentials are stored in a .env file that relates to your current environment and are then read from within your code. E.g. DB_HOST = env('DBHOST').

Basically what you're doing right now, but stored in a file (as secure as you need it, possibly encrypted) rather than directly as environment variables, since those are accessible from the entire machine.
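The two answers above (keyring backed by the Windows Credential Locker, and a .env file instead of machine-wide environment variables) combined in one added example; this is not code from the original post. The service name, the .env keys and the sample .env content are assumptions constructed for illustration, and the credentials are kept in a plain dict rather than exported into os.environ so child processes do not inherit them.

```python
import re

SERVICE = "example-sqlserver"   # keyring service name; an assumption here
ENV_LINE = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

# Constructed sample .env content (not from any real system).
SAMPLE_DOTENV = """
# database settings for the nightly job
DBHOST=sql.example.internal
export DBUSER=app_user
DBPASS="p@ss w0rd#1"   # quoted so the '#' is part of the value
"""


def parse_dotenv(text):
    """Parse KEY=VALUE lines: blank lines, '#' comments, optional 'export '
    prefix and quoted values are handled. Returns a dict, not os.environ."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENV_LINE.match(line)
        if not m:
            raise ValueError(f"malformed .env line: {raw!r}")
        key, val = m.group(1), m.group(2)
        if val[:1] in ("'", '"'):           # quoted value: take up to closing quote
            end = val.find(val[0], 1)
            if end < 0:
                raise ValueError(f"unterminated quote on line: {raw!r}")
            val = val[1:end]
        else:                               # unquoted: strip inline comment
            val = val.split("#", 1)[0].rstrip()
        values[key] = val
    return values


def load_credentials(dotenv_text):
    """Prefer the OS keyring for the password; fall back to the .env value."""
    cfg = parse_dotenv(dotenv_text)
    password = None
    try:
        import keyring                      # Windows Credential Locker backend
        password = keyring.get_password(SERVICE, cfg["DBUSER"])
    except Exception:                       # keyring not installed / no backend
        pass
    if password is None:
        password = cfg.get("DBPASS")        # fallback: secret from the .env file
    return cfg["DBHOST"], cfg["DBUSER"], password
```

Storing the password once with `keyring.set_password(SERVICE, "app_user", "...")` lets the script drop the DBPASS line from the .env file entirely.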

By using the EncryptByPassphrase('key','Your_Password') method in SQL Server. Example:

create table #temp(id int identity(1,1), Password varbinary(max))
insert into #temp(Password) values(encryptbypassphrase('12','Passw0rd'))
select * from #temp

In that code we provide the original password, but it is stored in the database table as an encrypted value.

Screenshot of my output:
