How to improve security with psycopg2 connection?

Question

I have a PostgreSQL database and I have a script that uses data in the db to update a website. In the script I have the following code:

conn = psycopg2.connect('dbname=name user=user password=password')

Is there a better or more secure way to connect to the db without exposing my password in the script?

I have the same issue in Django with the settings.py file.

Answer 1

One possible way is to store your key chain in a permission-controlled directory, and make your script read that credential file to extract username and password. This way you could mask the credential from whom could view the script but have no permission to the directory.

Answer 2

Put it in a variable, store it in a module/package, them in your script write :

from *libname* import sqlpassword

conn = psycopg2.connect('dbname=name user=user password=sqlpassword')

Answer 3

You have to store your postgresql credentials and dont hard code them in .py scripts. To do this, I suggest you to use django-decouple module.
With this module, You can store your database credentials in a .env file like this

DB_NAME=DB_NAME
DB_USER=DB_USER
DB_PASSWORD=DB_PASS
DB_HOST=localhost
DB_PORT=5432

and then you can use it in your python or django project as simple as drinking a cup of tea :)

Related links :
djang-decouple official page
https://pypi.org/project/django-decouple/
nice and simple tutorial to learn how to use django-decouple
https://simpleisbetterthancomplex.com/2015/11/26/package-of-the-week-python-decouple.html

Best regards.

Answer 4

在安全的JSON文件中添加凭据，然后加载该文件以将变量导入psycopg2.connect函数。

Answer 5

AWS和Databricks具有秘密管理工具，可让您将密码存储为秘密。