我当前正在从Python脚本连接到Postgres数据库,并且正在使用使用psycopg2的SQL炼金术:
I'm currently connecting to a Postgres db from a Python script and I'm using sqlalchemy with psycopg2:
postgresql+psycopg2://user:password@host:port/dbname[?key=value&key=value...]该Python脚本可供用户使用,并且密码以明文显示。我该如何使用加密密码呢?
This Python script is available to users, and the password is shown in clear text. How can I use an encrypted password instead?
推荐答案通常,这是通过几种不同的方式完成的。
Generally, this is done in a few different ways.
基本上,不要让用户直接访问该数据库。提供诸如REST API之类的接口或类似的接口,供用户与数据库进行交互。用户名和密码仅存储在服务器端。
Basically, don't make the database directly accessible to users. Provide an interface like a REST API or something similar for users to interact with the database. The username and password are only stored on the server side.
您的postgres数据库可以有多个用户。不要给他们数据库所有者的用户名和密码。只需创建一个特权较少的用户(也许是只读用户)并分发该用户和密码即可。
Your postgres database can have multiple users. Don't give them the user and password for the db owner. Just create a user with less privileges (read-only maybe?) and distribute that user and password.
更多推荐
通过sqlalchemy,psycopg2连接到postgres时,如何不以明文形式显示密码?
发布评论