我需要在 Python 中安全地存储用户名和密码,我有哪些选择? [英] I need to securely store a username and password in Python, what are my options?
问题描述
我正在编写一个小的 Python 脚本,它将使用用户名和密码组合定期从 3rd 方服务中提取信息.我不需要创造 100% 防弹的东西(100% 甚至存在吗?),但我想涉及一个很好的安全措施,所以至少有人需要很长时间才能打破它.
I'm writing a small Python script which will periodically pull information from a 3rd party service using a username and password combo. I don't need to create something that is 100% bulletproof (does 100% even exist?), but I would like to involve a good measure of security so at the very least it would take a long time for someone to break it.
这个脚本没有图形用户界面,会由 cron 定期运行,所以每次运行时输入密码来解密是行不通的,我必须存储加密文件中的用户名和密码或在 SQLite 数据库中加密的用户名和密码,这会更可取,因为无论如何我都会使用 SQLite,而且我可能在某个时候需要编辑密码.此外,我可能会将整个程序包装在一个 EXE 中,因为此时它专门用于 Windows.
This script won't have a GUI and will be run periodically by cron, so entering a password each time it's run to decrypt things won't really work, and I'll have to store the username and password in either an encrypted file or encrypted in a SQLite database, which would be preferable as I'll be using SQLite anyway, and I might need to edit the password at some point. In addition, I'll probably be wrapping the whole program in an EXE, as it's exclusively for Windows at this point.
如何安全地存储用户名和密码组合以通过 cron 作业定期使用?
How can I securely store the username and password combo to be used periodically via a cron job?
推荐答案
I recommend a strategy similar to ssh-agent. If you can't use ssh-agent directly you could implement something like it, so that your password is only kept in RAM. The cron job could have configured credentials to get the actual password from the agent each time it runs, use it once, and de-reference it immediately using the del statement.
管理员仍然需要在启动时或其他任何时候输入密码来启动 ssh-agent,但这是一个合理的妥协,避免将纯文本密码存储在磁盘上的任何位置.
The administrator still has to enter the password to start ssh-agent, at boot-time or whatever, but this is a reasonable compromise that avoids having a plain-text password stored anywhere on disk.
这篇关于我需要在 Python 中安全地存储用户名和密码,我有哪些选择?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
