Information Security
The-TS, 2020-12-22 15:36:23

How to fix problems with hardcoded passwords?

Hey!
I have a file config.py, how can I fix the Hardcoded Passwords problem?

Thank you!


2 answer(s)
Vladimir Kuts, 2020-12-22
@Pyhon3x

Use environment variables

rPman, 2020-12-22
@rPman

Place the password somewhere separate from the project, outside the update distribution system (it doesn't matter how you install and update applications, configs should not be affected; there are exceptions, but the issue is not as simple as it seems and requires separate research for your tasks), and manage it separately. The easiest and dumbest way is a configuration file in a system directory, for example /etc or ~/.config, or %appdata% on Windows, or any other of your choice.
You can store the data on a special server, and it does not have to be delivered through a file; it can be network requests, even over HTTP...
In one of my projects, I had a primitive self-written server running on the local network; all application instances turned to it for sensitive information, including passwords for the database being used. Each installation had a unique apikey in its configuration file that identified it; passing it to the password server returned the requested database access parameters (the databases were non-SQL ones without their own access control tools, and SQLite). There were several databases, and this server also controlled the load on them. Each time before querying the database, the applications ask the server, so a change to the settings spreads across the applications almost instantly.
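
Added example, not part of either answer above: a `config.py` loader that combines both suggestions, reading the password from an environment variable first and otherwise from a file kept outside the project tree. The variable name `MYAPP_DB_PASSWORD`, the path `~/.config/myapp/secrets.ini` and the `[database]` section are assumptions made for this illustration.

```python
import configparser
import os
import stat
from pathlib import Path

# Assumed names for this example (not from the original post).
ENV_VAR = "MYAPP_DB_PASSWORD"
CONFIG_PATH = Path.home() / ".config" / "myapp" / "secrets.ini"


class SecretError(RuntimeError):
    """Raised when no usable secret source is found."""


def load_db_password(env=os.environ, config_path=CONFIG_PATH):
    """Return the DB password from the environment, else from a private file."""
    value = env.get(ENV_VAR)
    if value:
        return value

    path = Path(config_path)
    if not path.is_file():
        # Fail closed: never fall back to a default baked into the code.
        raise SecretError(f"set {ENV_VAR} or create {path}")

    # On POSIX, refuse a file that group or others can read or write.
    if os.name == "posix":
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise SecretError(f"{path} has mode {mode:o}; run chmod 600 on it")

    # interpolation=None so a '%' inside the password is taken literally.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    try:
        password = parser["database"]["password"]
    except KeyError:
        raise SecretError(f"{path} lacks [database] password") from None
    if not password:
        raise SecretError(f"{path} has an empty password")
    return password
```

Keep the secrets file out of version control and out of the deployment package so that application updates never overwrite or ship it.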
