如何在配置文件中隐藏数据库密码 [英] How to hide database password in config file

问题描述

我正在开发一个需要访问数据库以读取其输入的C ++项目。

到目前为止，我们在基于xml的配置文件中使用了一个默认用户名（postgres）和一个固定明文密码以及许多其他设置。 / p>

现在我需要的是在提供配置文件时隐藏用户的密码。

FYI：开发区是linux，数据库是postgresql。我们想给用户配置文件连接到数据库，并在不知道密码的情况下使用它。

如果您建议快速简单的参考。

谢谢

解决方案

如果您以任何形式向他提供包含该密码的程序，您无法阻止恶意用户以这种方式获得此密码。

但有两个潜在的解决方案：

1. 程序附带的用户和密码对数据库具有只读访问权限;




2. 程序不直接连接到数据库。它向服务器应用程序请求数据，该服务器应用程序不仅可以从实际数据库获取这些数据，而且不需要给用户任何密码，而且可以进行适当的安全检查，以确保此用户只访问他想要的数据等。

I am working on a C++ project that needs to access database for reading its input.

So far, we used a default username(postgres) and a 'fixed clear text' password stored , along with many other settings, in a xml based configuration file.

Now what I need is to hide password from users when I supply the configuration file.

FYI: the development area is linux, database is postgresql. we would like to give users the config file to connect to database and use it without knowing the password

I will appreciate if you suggest a quick and easy reference.(a small reading material will also be great)

thank you

解决方案

You cannot prevent a ill-intentioned user from obtaining this password one way or another if you ship him the program containing it in any form.

But there are two potential solutions:

1. The user and password that ship with the program have a read-only access to the database;

2. The program don't connect directly to the database. It requests the data to a server application that can not only fetch this data from the actual database without need to give the user any password, but also can do the proper security checks to ensure this user is accessing only data he is meant to etc.

这篇关于如何在配置文件中隐藏数据库密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！