stackoom
  简体   繁体   中英

Best approach to secure user account credentials while using Selenium with Python

 原文  2021-12-31 22:10:29       python/ selenium/ security

Question

I was playing around with Selenium and Python and writing a program that would log in to one of my local pizza shops website and place my regular order for me with the click of a button.

I then got curious about what the best approach would be to protect log in credentials in a situation like this since the username and password are written directly into the code. I read about 64 bit encoding but that doesn't seem to be secure. I also thought about creating a separate file that would hold the account information but then the file path for it would still have be in the code (I assume?) and they could just access that if they wanted to.

I really have no need to secure my pizza ordering, this is more a general question that peaked my interest. I was wondering if anybody could point me in some good directions. Not my exact code below but just code to show general idea of what I mean. Thanks in advance for any help!

driver = webdriver.Chrome()

username = driver.find_element_by_id("username")
password = driver.find_element_by_id("password")
username.send_keys("YourUsername")
password.send_keys("PassworD")

driver.find_element_by_name("submit").click()

2 answers

solution1
 0  2021-12-31 22:49:23

For security reason if you don't want to store the username/password within the code or store it in a text/csv/excel file you can take the user input runtime using input() as follows:

driver.find_element_by_id("username").send_keys(input("Username: "))
driver.find_element_by_id("password").send_keys(input("Password: "))

solution2
 0  2022-01-01 00:19:34

A common approach for storing secrets is to use a .env file. This is a simple file that it is usually stored at the project's root. The concept is that when the python script is executed every variable contained in the .env file is injected in the running environment too. This file should also be included in .gitignore in order to prevent it from uploading to the code repository.

The dotenv python module is a utility to help with this approach. You can read more here https://github.com/theskumar/python-dotenv

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Secure way to update UNIX account password using Python as root user? Secure login with Python credentials from user database Best approach to this question using python Use browser authenticated credentials to scrape data from user account using python mechanize Simple Python program to connect to a secure wifi network with user input credentials Best approach with dynamic classes using Python globals() Regex bank account balance using selenium in python how to log in to the google account using selenium python Warning while using selenium with python “This browser or app may not be secure” error when using selenium python
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM