How to not show password in clear text when connec

2019-09-19 23:58发布

I'm currently connecting to a Postgres db from a Python script and I'm using sqlalchemy with psycopg2:

postgresql+psycopg2://user:password@host:port/dbname[?key=value&key=value...]

This Python script is available to users, and the password is shown in clear text. How can I use an encrypted password instead?

1条回答
Evening l夕情丶
2楼-- · 2019-09-20 00:30

Generally, this is done in a few different ways.

1. Hide your database behind a REST API

Basically, don't make the database directly accessible to users. Provide an interface like a REST API or something similar for users to interact with the database. The username and password are only stored on the server side.

2. Create another DB user with less privileges and only distribute that user.

Your postgres database can have multiple users. Don't give them the user and password for the db owner. Just create a user with less privileges (read-only maybe?) and distribute that user and password.

查看更多
登录 后发表回答