How to store user password for third party service in Python?


Problem description

This doesn't necessarily entail a Python-specific answer, but that is what I am using, Python 3.2 to be exact. I am also developing under Linux.

I have a script that is connecting to a website, logging in, and obtaining information for the user. How do I store the user's credentials safely? Or what is the best practice? Encryption seems silly since the encrypted credentials and encryption key would be in the same place. The only thing I can think of is storing in a file which has restricted read access, but that feels like I haven't done enough. However, it is roughly what was described in this "How to store credentials for third party services in Rails" answer.

I just want to do my best to treat user's security with respect.

Recommended answer

You might want to store it in memory and have them type it in once whenever they start the program (would also involve making it a program and not just a script, unless the script never dies). This is also subject to some attacks, however.

If you have access to the website you're retrieving the information from, you might want to set up secondary, limited privilege (read-only) accounts so that even if the password is compromised, it's not as big of a deal (assuming the data itself isn't too sensitive). This is why I don't use mint.com, but I would if they would work with the banks to implement this functionality.
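Added example, not part of the original question or answer: a sketch of the two options discussed on this page, a password prompted once and kept only in memory, and a credential file with restricted read access that is rejected if its permissions have loosened. It assumes Linux/POSIX; `SessionCredential`, `write_private_file` and `read_private_file` are hypothetical names.

```python
import getpass
import os
import stat


class SessionCredential:
    """Holds a password in memory for the life of the process only."""

    def __init__(self, username, prompt=getpass.getpass):
        self.username = username
        self._prompt = prompt        # injectable so the class can be tested
        self._password = None

    def password(self):
        # Ask once, on first use; later calls reuse the in-memory value.
        if self._password is None:
            self._password = self._prompt(
                "Password for {}: ".format(self.username))
        return self._password

    def __repr__(self):
        # Keep the secret out of logs, tracebacks and debugger output.
        return "SessionCredential(username={!r}, password=<hidden>)".format(
            self.username)


def write_private_file(path, secret):
    """Create the file as 0600 from the start, so it is never
    briefly readable by other users. Fails if the file already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(secret)


def read_private_file(path):
    """Refuse to use a credential file that other users could access."""
    with open(path) as fh:
        # fstat the open descriptor so the check and the read
        # refer to the same file (no stat-then-open race).
        st = os.fstat(fh.fileno())
        if st.st_uid != os.getuid():
            raise PermissionError(
                "{} is not owned by the current user".format(path))
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(
                "{} is accessible to group/other".format(path))
        return fh.read()
```

Neither option protects against root or against code running as the same user, which is why the answer's limited-privilege account still matters.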
