Django
Boldy, 2015-02-10 12:19:31

How not to store a password in plain text in Django?

This is what my database settings look like now.

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'mydb',
        'USER': 'myuser',
        'PASSWORD': 'mypassword',
        'HOST': '127.0.0.1',
        'PORT': '3306',
    }
}

That is, if an attacker gets access to my ssh, then it will not be difficult for him to get into the database. Is there any way to encrypt the above data?


3 answer(s)
Stanislav Fateev, 2015-02-10
@Boldy

This is a normal option for storing the password in the database, and not only in Django but also in other CMF\CMF. The main problem here is not even ssh access, but version storage systems. To illustrate, search GitHub for "password".
Security methods are:
- use local_settings.py to store the password, add it to '.gitignore'
- do not use the root password to access the database
- use complex passwords
- move the ssh service to a non-default port
- use key authentication instead of a password
- close the ability to log in as root via ssh
- do not use FTP, use SFTP instead
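
Added example, not part of the answer above or of Django itself: a small pre-deployment check for the first two points of the list (password kept in local_settings.py, that file excluded via .gitignore, no root database user). The helper names `load_local_databases` and `check_local_settings` are hypothetical, and the owner-only file mode check is an extra assumption for a POSIX host.

```python
import os
import runpy
import stat


def load_local_databases(project_dir):
    """Return DATABASES as defined in <project_dir>/local_settings.py."""
    path = os.path.join(project_dir, "local_settings.py")
    return runpy.run_path(path)["DATABASES"]


def check_local_settings(project_dir):
    """Return a list of problems with how the DB password is stored."""
    problems = []
    path = os.path.join(project_dir, "local_settings.py")

    # 1. The secrets file must be excluded from version control.
    #    Simplification: only an exact .gitignore line is recognised,
    #    glob patterns are not evaluated.
    ignore_path = os.path.join(project_dir, ".gitignore")
    ignored = set()
    if os.path.exists(ignore_path):
        with open(ignore_path) as fh:
            ignored = {line.strip().lstrip("/") for line in fh}
    if "local_settings.py" not in ignored:
        problems.append("local_settings.py is not listed in .gitignore")

    # 2. Assumption: only the owning account should be able to read the file.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append("local_settings.py is accessible to group/others (mode %o)" % mode)

    # 3. The application must not connect as the database root user,
    #    and the password must not be left empty.
    for alias, cfg in load_local_databases(project_dir).items():
        if cfg.get("USER", "") == "root":
            problems.append("database '%s' connects as root" % alias)
        if not cfg.get("PASSWORD"):
            problems.append("database '%s' has an empty password" % alias)
    return problems
```

In settings.py the same loader can supply the value, for example `DATABASES = load_local_databases(BASE_DIR)`, so the password never appears in a tracked file.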

Rostislav Grigoriev, 2015-02-10
@crazyzubr

You need to secure ssh. The database can be hacked without knowing the password if the user has privileges.

n12eq3, 2017-09-30
@microbot

59cebea2ca310283932881.png
