Node.js中的硬编码mysql用户和密码 [英] Hardcoded mysql user and password in Node.js

问题描述

我正在使用带有node.js的mysql.像这样:

I'm using mysql with node.js. Something like this:

    var mysql      = require('mysql');
    var connection = mysql.createConnection({
      host     : 'localhost',
      user     : 'me',
      password : 'secret',
      database : 'my_db'
    });

    connection.connect();

我只是想知道在服务器中硬编码数据库凭据(用户名和密码)是否不会损害安全性. 如果可以，那么哪种更好的方法呢?

I was just wondering if having the database credentials (user and password) hardcoded in the server doesn't compromise security. If it does, what would be a better way of doing this?

推荐答案

处理此问题的最佳方法是将凭据存储在环境变量中.然后，您将像这样访问您的凭据:

The best way to handle this is to have your credentials stored in environment variables. You would then access your credentials like this:

var mysql      = require('mysql');
var connection = mysql.createConnection({
  host     : process.env.DB_HOST,
  user     : process.env.DB_USER,
  password : process.env.DB_PASS,
  database : process.env.DB_NAME
});

connection.connect();

然后，您将使用诸如dotenv之类的库来设置环境变量.您会将环境变量放在一个.env文件中，该文件不随应用程序一起分发，也不在版本控制中.一个示例.env可能看起来像这样

Then you would use a library like dotenv to set environment variables. You would put your environment variables in a .env file that is not distributed with the application, and that isn't in version control. An example .env might look like this

DB_NAME=my_db
DB_HOST=localhost
DB_PASS=secret
DB_USER=me

https://www.npmjs.com/package/dotenv -有关此链接，请参见有关使用dotenv的更多信息，以及对应用程序中的12因素安全性进行一些研究:)

https://www.npmjs.com/package/dotenv - see this link for more information on using dotenv and do some research on 12 factor security in apps :)

这篇关于Node.js中的硬编码mysql用户和密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！