Answer the question
In order to leave comments, you need to log in
How not to store a password in plain text in Django?
This is what my database settings look like now.
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'mydb',
'USER': 'myuser',
'PASSWORD': 'mypassword',
'HOST': '127.0.0.1',
'PORT': '3306',
}
}
Answer the question
In order to leave comments, you need to log in
This is a normal option for storing the password in the database, and not only in Django but also in other CMF\CMF. The main problem here is not even ssh access, but version storage systems. To illustrate, search GitHub for "password".
Security methods are:
- use local_settings.py to store the password, add it to '.gitignore"
- do not use the root password to access the database
- use complex passwords
- move the ssh service to a non-default port
- use key authentication instead of a password
- close ability to login for root via ssh
- do not use FTP, use SFTP instead
You need to secure ssh. The database can be hacked without knowing the password if the user has privileges.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question