问题
I'm currently connecting to a Postgres db from a Python script and I'm using sqlalchemy with psycopg2:
postgresql+psycopg2://user:password@host:port/dbname[?key=value&key=value...]
This Python script is available to users, and the password is shown in clear text. How can I use an encrypted password instead?
回答1:
Generally, this is done in a few different ways.
1. Hide your database behind a REST API
Basically, don't make the database directly accessible to users. Provide an interface like a REST API or something similar for users to interact with the database. The username and password are only stored on the server side.
2. Create another DB user with less privileges and only distribute that user.
Your postgres database can have multiple users. Don't give them the user and password for the db owner. Just create a user with less privileges (read-only maybe?) and distribute that user and password.
来源:https://stackoverflow.com/questions/37131460/how-to-not-show-password-in-clear-text-when-connecting-to-postgres-via-sqlalchem