在Python中进行开发时，要保护MySQL密码吗? [英] Safeguarding MySQL password when developing in Python?

问题描述

我正在编写一个Python脚本，该脚本使用本地托管的MySQL数据库.该程序将作为源代码提供.结果，MySQL密码将是肉眼可见的.有什么好的方法可以保护这一点?

I'm writing a Python script which uses a MySQL database, which is locally hosted. The program will be delivered as source code. As a result, the MySQL password will be visible to bare eyes. Is there a good way to protect this?

这个想法是为了防止一些顽皮的人查看源代码，直接访问MySQL并做某事……好吧，顽皮.

The idea is to prevent some naughty people from looking at the source code, gaining direct access to MySQL, and doing something ... well, naughty.

推荐答案

简短答案

你不能.

如果密码存储在交付给最终用户的工件中，您必须认为它已被盗用！即使工件是已编译的二进制文件，也总是有(或多或少复杂的)方式来获取密码.

If the password is stored in the artifact that's shipped to the end-user you must consider it compromised! Even if the artifact is a compiled binary, there are always (more or less complicated) ways to get at the password.

保护资源的唯一方法是仅向最终用户公开有限的API.要么构建一个编程API(REST，WS + SOAP，RMI，JavaEE + Servlet等)，要么仅通过SPROC在数据库中公开某些功能(见下文).

The only way to protect your resources is by exposing only a limited API to the end-user. Either build a programmatic API (REST, WS+SOAP, RMI, JavaEE+Servlets, ...) or only expose certain functionalities in your DB via SPROCs (see below).

这里的问题不应该是如何隐藏密码，而是如何保护数据库.请记住，密码通常只是一个非常弱的保护，不应被视为保护数据库的唯一机制.您正在使用SSL吗?不?好吧，即使如果您设法将密码隐藏在应用程序代码中，在网络上嗅探密码仍然很容易！

The question here should not be how to hide the password, but how to secure the database. Remember that passwords only are often a very weak protection and should not be considered the sole mechanism of protecting the DB. Are you using SSL? No? Well, then even if you manage to hide the password in the application code, it's still easy to sniff it on the network!

您有多种选择.都具有不同程度的安全性:

You have multiple options. All with varying degrees of security:

为该应用程序创建一个数据库用户.为此角色申请授权.一种非常常见的设置是仅允许CRUD操作.

Create one database-user for the application. Apply authorization for this role. A very common setup is to only allow CRUD ops.

• 非常易于设置
• 防止DROP查询(例如在SQL注入中?)

• very easy to set-up
• Prevents DROP queries (f.ex. in SQL injections?)

• 每个看到密码的人都可以访问数据库中的所有数据.即使该数据通常隐藏在应用程序中.
• 如果密码被泄露，则用户可以无条件运行UPDATE和DELETE查询(即:一次删除/更新整个表).

• Everybody seeing the password has access to all the data in the database. Even if that data is normally hidden in the application.
• If the password is compromised, the user can run UPDATE and DELETE queries without criteria (i.e.: delete/update a whole table at once).

为每个应用程序/最终用户创建一个数据库用户.这使您甚至可以在每个列的基础上定义原子访问权限.例如:用户X只能从表foo中选择far和baz列.没别的.但是，用户Y可以SELECT进行所有操作，但是没有更新，而用户Z具有完全的CRUD(选择，插入，更新，删除)访问权限.

Create one database user per application-/end-user. This allows you to define atomic access rights even on a per-column basis. For example: User X can only select columns far and baz from table foo. And nothing else. But user Y can SELECT everything, but no updates, while user Z has full CRUD (select, insert, update, delete) access.

某些数据库允许您重用OS级凭据.这使对用户的身份验证透明(仅需要登录到工作站，然后将该标识转发到DB).在完整的MS堆栈(OS = Windows，Auth = ActiveDirectory，DB = MSSQL)中，这最容易实现，但据我所知，在其他数据库中也可以实现.

Some databases allow you to reuse the OS-level credentials. This makes authentication to the user transparent (only needs to log-in to the workstation, that identity is then forwarded to the DB). This works easiest in a full MS-stack (OS=Windows, Auth=ActiveDirectory, DB=MSSQL) but is - as far as I am aware - also possible to achieve in other DBs.

• 完全容易设置.
• 非常原子的授权方案

• 在数据库中设置所有访问权限可能很繁琐.
• 具有UPDATE和DELETE权限的用户仍然可以无意(或有意地)删除/更新而没有条件.您可能会丢失表中的所有数据.

• Can be tedious to set up all the access rights in the DB.
• Users with UPDATE and DELETE rights can still accidentally (or intentionally?) delete/update without criteria. You risk losing all the data in a table.

编写否 SQL查询.通过SPROC运行一切.然后为每个用户创建数据库帐户，并为SPROC(仅 )分配特权.

Write no SQL queries in your application. Run everything through SPROCs. Then create db-accounts for each user and assign privileges to the SPROCs only.

• 最有效的保护机制.
• SPROC可以强制用户将条件传递给每个查询(包括DELETE和UPDATE)

• 不确定这是否适用于MySQL(我在该领域的知识还很薄弱).
• 复杂的开发周期:您要做的一切，都必须首先在SPROC中定义.

您永远不应允许对应用程序执行数据库管理任务.在大多数情况下，应用程序仅需要的操作是SELECT，INSERT，DELETE和UPDATE.如果您遵循此指南，则用户发现密码几乎没有风险.除了上述要点.

You should never allow database administrative tasks to the application. Most of the time, the only operations an application needs are SELECT, INSERT, DELETE and UPDATE. If you follow this guideline, there is hardly a risk involved by users discovering the password. Except the points mentioned above.

无论如何，请保留备份.我假设您要针对意外删除或更新对数据库进行投影.但是意外发生了……记住这一点；)

In any case, keep backups. I assume you want to project you database against accidental deletes or updates. But accidents happen... keep that in mind ;)

这篇关于在Python中进行开发时，要保护MySQL密码吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！