Best approach to secure user account credentials while using Selenium with Python

I was playing around with Selenium and Python and writing a program that would log in to one of my local pizza shop's website and place my regular order for me with the click of a button.

I then got curious about what the best approach would be to protect login credentials in a situation like this, since the username and password are written directly into the code. I read about 64 bit encoding but that doesn't seem to be secure. I also thought about creating a separate file that would hold the account information, but then the file path for it would still have to be in the code (I assume?) and they could just access that if they wanted to.

I really have no need to secure my pizza ordering; this is more a general question that piqued my interest. I was wondering if anybody could point me in some good directions. Not my exact code below, but just code to show the general idea of what I mean. Thanks in advance for any help!
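
```python
from selenium import webdriver
from selenium.webdriver.common.by import By

driver = webdriver.Chrome()
# find_element_by_id() was removed in Selenium 4; find_element(By.ID, ...) replaces it.
username = driver.find_element(By.ID, "username")
password = driver.find_element(By.ID, "password")
# Credentials are hard-coded here, which is what the question is about.
username.send_keys("YourUsername")
password.send_keys("PassworD")
driver.find_element(By.NAME, "submit").click()
```
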
For security reasons, if you don't want to store the username/password within the code or store it in a text/csv/excel file, you can take the user input at runtime using `input()` as follows:

```python
from selenium.webdriver.common.by import By

driver.find_element(By.ID, "username").send_keys(input("Username: "))
driver.find_element(By.ID, "password").send_keys(input("Password: "))
```

A common approach for storing secrets is to use a `.env` file. This is a simple file that is usually stored at the project's root. The concept is that when the Python script is executed, every variable contained in the `.env` file is injected into the running environment too. This file should also be included in `.gitignore` in order to prevent it from being uploaded to the code repository.

The `dotenv` Python module is a utility to help with this approach. You can read more here: https://github.com/theskumar/python-dotenv
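
The `.env` approach above combined with a prompt fallback, as an added example that is not part of either answer: a standard-library-only loader (not python-dotenv itself) that takes each credential from the process environment, then from `.env`, then from a no-echo `getpass` prompt, and reports when the file is accessible to other accounts or missing from `.gitignore`. The variable names `PIZZA_USERNAME` and `PIZZA_PASSWORD` are assumptions made for the example.

```python
import os
import stat
from getpass import getpass
from pathlib import Path

NAMES = ("PIZZA_USERNAME", "PIZZA_PASSWORD")  # hypothetical names for this example


def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and # comments; drop matching quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split on the first "=" only
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        values[key.strip()] = value
    return values


def env_file_problems(env_path, gitignore_path):
    """Return reasons the file should not be trusted with credentials yet."""
    problems = []
    mode = stat.S_IMODE(os.stat(env_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o} grants group/other access; use chmod 600")
    gitignore = Path(gitignore_path)
    rules = gitignore.read_text().splitlines() if gitignore.exists() else []
    name = Path(env_path).name
    # Exact-line match only; real .gitignore patterns are richer than this.
    if not any(rule.strip() in (name, "/" + name) for rule in rules):
        problems.append(f"{name} is not listed in {gitignore.name}")
    return problems


def get_credentials(env_path=".env", environ=os.environ, prompt=getpass):
    """Process environment first, then the .env file, then a no-echo prompt."""
    path = Path(env_path)
    from_file = parse_env(path.read_text()) if path.exists() else {}
    return {n: environ.get(n) or from_file.get(n) or prompt(n + ": ") for n in NAMES}


if __name__ == "__main__":
    if Path(".env").exists():
        for problem in env_file_problems(".env", ".gitignore"):
            print("warning:", problem)
    creds = get_credentials()
    # Pass creds["PIZZA_USERNAME"] and creds["PIZZA_PASSWORD"] to send_keys().
```

The secret still sits in plaintext on disk, so the permission and `.gitignore` checks only narrow who can read it; the prompt path keeps it off disk entirely.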