[Tutor] managing sensitive data

Alan Gauld alan.gauld at yahoo.co.uk
Tue Mar 30 12:15:25 EDT 2021


On 30/03/2021 16:37, Alex Kleider wrote:

>  "How do I manage sensitive credentials in my Python code?"

> I've faced this problem [1] and solved it by putting the 'sensitive' data
> (passwords) into dot files in my home directory with strict permission
> settings. I've not tested it but assume that the code will fail when trying
> to read such a file if the one running the code doesn't have permission to
> read it.

One obvious addition is to encrypt the sensitive data.
Of course if these are passwords to another system you
need some form of decryption too, which tends to reduce
the strength of the encryption possible.

Another option is to store the data in a database
rather than a file. The database then needs its own login
credentials to access it and the format of native database
files tends to be harder to hack than text files (or even
regular bespoke binary files).

At work we always used a database to store the encrypted
credentials and then stored the database on an encrypted
file system. That way there were 2 levels of encryption
plus two levels of access control to get at them.

-- 
Alan G
Author of the Learn to Program web site
http://www.alan-g.me.uk/
http://www.amazon.com/author/alan_gauld
Follow my photo-blog on Flickr at:
http://www.flickr.com/photos/alangauldphotos



