I bet that best way will be to keep password encrypted, algo is your choice. Then when user give you credentials you check if it match stored encrypted data and then send it. This will take off the step you have to keep plaintext password in any file/database. Anyway you didn't say if you realy need to keep password plain text (but it seems like a case because of remote use), if so then you should use 2-way encryption to avoid plain text passwords - it can be breaked easy but still needs one more step than just read the config file.
发布评论
评论(3)
我敢打赌,最好的方法是对密码进行加密,算法是你的选择。然后,当用户向您提供凭据时,您检查它是否与存储的加密数据匹配,然后发送它。这将消除您必须在任何文件/数据库中保留明文密码的步骤。不管怎样,你没有说你是否真的需要保留密码纯文本(但这似乎是因为远程使用的情况),如果是这样,那么你应该使用2路加密来避免纯文本密码 - 它很容易被破解,但是除了读取配置文件之外,还需要多一步。
I bet that best way will be to keep password encrypted, algo is your choice. Then when user give you credentials you check if it match stored encrypted data and then send it. This will take off the step you have to keep plaintext password in any file/database. Anyway you didn't say if you realy need to keep password plain text (but it seems like a case because of remote use), if so then you should use 2-way encryption to avoid plain text passwords - it can be breaked easy but still needs one more step than just read the config file.
将您的数据存储为环境变量或配置文件中...
Store your data as environment variables or inside a configuration file...
使脚本将用户名作为命令行参数。
如果导入 sys,则 sys.argv 是所有命令行参数的列表,其中第一个是 python 脚本本身的名称。
make the script take the username as command line args.
if you import sys, then sys.argv is the list of all command line args, where the first is the name of the python script itself.