问题
this doesn't necessarily entail a Python specific answer, but that is what I am using, Python 3.2 to be exact. I am also developing under Linux.
I have a script that is connecting to a website, logging in, and obtaining information for the the user. How do I store the user's credentials safely? Or what is the best practice? Encryption seems silly since the encrypted credentials and encryption key would be in the same place. The only thing I can think of is storing in a file which has restricted read access, but that feels like I haven't done enough. However, it is roughly what was described in this How to store credentials for third party services in Rails answer.
I just want to do my best to treat user's security with respect.
回答1:
You might want to store it in memory and have them type it in once whenever they start the program (would also involve making it a program and not just a script, unless the script never dies). This is also subject to some attacks, however.
If you have access to the website you're retrieving the information from you might want to setup secondary, limited privilege (read-only) accounts so that even if the password is compromised, it's not as big of a deal (assuming the data itself isn't too sensitive). This is why I don't use mint.com, but I would if they would work with the banks to implement this functionality.
来源:https://stackoverflow.com/questions/14048219/how-to-store-user-password-for-third-party-service-in-python