Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Ivan Zhuravlev2018-05-07 21:53:29
MySQL
Ivan Zhuravlev, 2018-05-07 21:53:29

How to create MySQL accounts from a Python program?

I have a Python application that uses a MySQL database. But for it to work correctly, you must first create a MySQL account in the console. In this case, the password and name of this user are used in the Python code. Also in the Python code, the known, pre-set MySQL root password is used to create the database and tables. This is all very embarrassing due to the absolute lack of security. Therefore, it is necessary to implement the functionality that allows you to create a MySQL user account when you first start the program from the program itself, as well as the functionality that allows you to change the MySQL root password from the program itself. I looked towards the os and subprocess modules, but nothing came of it, alas (

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
S
Saboteur, 2018-05-07
@saboteur_kiev

"Python code also uses the known, predefined MySQL root password to create the database and tables.
This is all very confusing due to the absolute lack of security."

Are you embarrassed by the presence of a password from the root, but not embarrassed by the opportunity to set it later?
Why change the awl for soap?
Move logins and passwords from the code to config files, and create users using normal means.

Report
R
Ruslan., 2018-05-08
@LaRN

You can create an account for the application as a whole and go to the database through this account.
Users work with the application (and at the same time do not have direct access to the database), rights are controlled at the application level, new user accounts are also added there, but these are no longer database accounts, but application accounts.

Report
A
Alexander Glukhov, 2018-05-20
@ra1

Store access as you like. The same Bitrix stores access to the database openly in the included files. The main thing is that the files and directories have the correct permissions that will not allow ordinary users to read files with passwords. Only a separate user under which the application is running and the administrator can read it.
I am not a security expert, but the concept is that the application should have access to the minimum necessary privileges for its operation and no more (this also applies to privilege settings for the DBMS user, no root and grant all!)

Similar questions
E
Extramezz2015-07-08 11:10:38
Why doesn't mod_rewrite work? 2Reply
M
Mikhail2017-06-17 21:13:06
How to do clustering correctly? 3Reply
S
synapse_people2021-05-17 11:49:28
What should be the gt files for learning? 0Reply
M
Mad_runner2019-12-12 18:30:36
How to allow connection to a proxy server in the firewall? 3Reply
K
kil20162019-12-23 16:24:05
How to make a window appear smoothly? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question