[Flask] Database credentials in clear text

Matt Gushee matt at gushee.net
Wed Jul 29 00:34:31 CEST 2015


On Tue, Jul 28, 2015 at 9:10 AM, Jonathan Chen <tamasiaina at gmail.com> wrote:

> Yeah, I've had experience with a "credential wallet" type of product with
> Oracle applications. Nothing like that I know of exists currently for
> Python. For test/development it really doesn't matter if the cleartext is
> available there, but in production there are a few strategies that a devops
> person can do to make sure that it is more secure. One of the things that
> you should make sure to avoid is exposing the file by accident. Another
> thing that you could do is to have the credentials placed in the Python
> Path somewhere and have the config import it in.
>

And if you do store it in a file in your application directory, make sure
you never check it in to version control.

--
Matt Gushee
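
The placement advice in this thread, as an added example that is not part of either poster's message: a loader that refuses a credentials file stored inside the application directory or a git working tree, or readable beyond its owner. The function names, the `KEY=VALUE` file format, the owner-only permission rule and the `.git` parent check are assumptions made for illustration.

```python
import stat
import tempfile
from pathlib import Path


def storage_problems(secret_path, app_dir):
    """List the ways this credentials file could be exposed by accident."""
    secret = Path(secret_path).resolve()
    app = Path(app_dir).resolve()
    problems = []
    if app in secret.parents:
        problems.append("inside application directory")
    # A .git entry in any parent means a broad `git add` would stage the file.
    if any((parent / ".git").exists() for parent in secret.parents):
        problems.append("inside a git working tree")
    mode = stat.S_IMODE(secret.stat().st_mode)
    if mode & 0o077:
        problems.append("accessible to group/other (mode %03o)" % mode)
    return problems


def load_credentials(secret_path, app_dir):
    """Parse KEY=VALUE lines, refusing a file stored in a risky place."""
    problems = storage_problems(secret_path, app_dir)
    if problems:
        raise PermissionError("%s: %s" % (secret_path, "; ".join(problems)))
    creds = {}
    for line in Path(secret_path).read_text().splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            creds[key.strip()] = value.strip()
    return creds  # a Flask app could pass this to app.config.update()


def demo():
    """Constructed layout: one file in the app checkout, one outside it."""
    with tempfile.TemporaryDirectory() as root:
        app = Path(root, "myapp")
        (app / ".git").mkdir(parents=True)
        bad = app / "db.conf"
        bad.write_text("DB_PASSWORD=constructed-example\n")
        bad.chmod(0o644)
        good = Path(root, "etc", "db.conf")
        good.parent.mkdir()
        good.write_text("# constructed\nDB_USER=app\nDB_PASSWORD=constructed-example\n")
        good.chmod(0o600)
        return storage_problems(bad, app), load_credentials(good, app)
```
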