问题
In PHP the accepted way to secure database login credentials is to store them outside the web root, and to include() the files with the passwords. How are MySQL database login credentials safely stored in Python applications?
回答1:
Well, one way of doing this is putting the passwords in a separate config/ini file that is not deployed with the project. And then, pass the path of this file to the main entry of the application, e.g.:
python main.py --config=/path/to/config.ini
Note that you'll need to parse this --config argument (see argparse) and then read and parse the config.ini file.
Update:
Since you mentioned web applications, there is also another way of passing configuration information - through the environ. For example, if you use mod_wsgi, you can putt this in the wsgi directives:
SetEnv my_namespace.some_param some_value
And then, this value will be accessible in the application with through os.environ:
import os
os.environ['my_namespace.some_param']
来源:https://stackoverflow.com/questions/17324472/how-to-securely-store-database-password-in-python