是否可以将数据库凭据以纯文本格式存储?
[英]Is it okay that database credentials are stored in plain text?
问题描述
By default, the Django database host/user/password are stored in the project settings.py file in plain text. 
默认情况下,Django数据库主机/用户/密码以纯文本形式存储在项目settings.py文件中。
I can't seem to think of a better way at the moment, but this seems to be against best practices for password storage. 我现在似乎无法想到更好的方法,但这似乎违背了密码存储的最佳实践。 Granted, if an attacker has access to the settings file, then all is probably already lost. 当然,如果攻击者可以访问设置文件,那么所有人都可能已经丢失。 Even if the the file were encrypted, the attacker would probably have the means to decrypt it by then. 即使文件是加密的,攻击者也可能有办法在那时解密它。
Is this okay? 这个可以吗?
3 个解决方案
解决方案1
24 已采纳 2010-08-22 05:49:20
You are correct that storing passwords in plaintext and in a settings.py file is not good security. 你在明文和settings.py文件中存储密码是不正确的。 You could increase security by: 您可以通过以下方式提高安
Setting the permissions correctly (this will depend on your set up).
正确设置权限(这取决于您的设置)。 Ideally only python should be able to read the file. 理想情况下,只有python应该能够读取文件。 Storing the file out of the
wwworhtdocsroot.将文件存储在www或htdocs根目录之外。 If at this point an attacker still has access to them, you are screwed anyways.如果此时攻击者仍然可以访问它们,那么无论如何你都被搞砸了。 For added security, you can encrypt the connection settings using symmetric encryption (eg: AES).
为了增加安全性,您可以使用对称加密(例如:AES)加密连接设置。 Store the key somewhere else. 将密钥存储在其他位置。 So even if someone managed to access the connection settings, they'd still need to find the key. 因此,即使有人设法访问连接设置,他们仍然需要找到密钥。 The main drawback is that now you have to rewrite the connection method. 主要缺点是现在你必须重写连接方法。
解决方案2
17 2015-12-06 04:07:15
The Twelve-Factor App codified by Heroku recommends 由Heroku编写的十二因素应用程序 推荐
strict separation of config from code.
This is particularly important for management of credentials, which ideally should never be committed to source control. 这对于凭据管理尤其重要,理想情况下,永远不应将其提交给源代码控制。
The django-environ library gives a nice approach to pulling most environment-specific configuration out of the settings.py file, but you could go a long way by just referencing the most sensitive bits with the standard os library, eg 'PASSWORD': os.environ['DBPASS'] django-environ库提供了一个很好的方法来从settings.py文件中提取大多数特定于环境的配置,但是你可以通过使用标准的os库引用最敏感的位来做很长的事情,例如'PASSWORD': os.environ['DBPASS']
Of course, you probably will still store some passwords in plain text somewhere , but if that file is not embedded in your codebase, it's far less likely to be leaked. 当然,您可能仍然会在某处以纯文本形式存储一些密码,但如果该文件未嵌入您的代码库中,则泄露的可能性要小得多。
解决方案3
2 2010-08-22 05:47:01
Yes, it's standard procedure for any database communicating program. 是的,它是任何数据库通信程序的标准程序。 There really isn't a "better way" to do it. 真的没有“更好的方法”去做。
There are ways to help prevent invalid hosts from connecting (ip tables, private ip addresses), but the actual connection details are almost always plain text. 有一些方法可以帮助防止无效主机连接(ip表,私有IP地址),但实际的连接细节几乎总是纯文本。
Storing the file outside of the web root will help some, but if the attacker has access to the file system it won't matter. 将文件存储在Web根目录之外将有所帮助,但如果攻击者可以访问文件系统,则无关紧要。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.