Python Forum

Python Forum > Python Coding > General Coding Help > Hiding username and password on sql
Full Version: Hiding username and password on sql
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

tantony

Oct-20-2022, 07:04 PM
In my Python code, I have my username and password entered as plain text. But this is not the best practice since now anyone that see my code also knows the database root username and password. How can I 'hide' the password here? I watched a YouTube video, but is this the best way?

mydb = mysql.connector.connect(
  host="localhost",
  user="root",
  password="mydbpw",
  database="users"
)
Python Quick Tip: Hiding Passwords and Secret Keys in Environment Variables (Windows)

tantony

Oct-20-2022, 07:22 PM
What I did is this, not sure if this is the best solution.
I created another python file called sql_creds.py, then I copy and pasted username and password there.
Then on my main.py, I imported sql_creds.py as creds. Then I used creds.username, and creds.password.

But this doesn't the solve the problem either because now someone can open sql_creds.py to get the login. I can probably hide that file, but that's not a solution either.

How do you hide API, passwords etc on your code?

deanhystad

Oct-20-2022, 07:34 PM
Command line arguments or use input() to enter credentials?

tantony

Oct-20-2022, 07:39 PM
Yes, I thought about input() and entering credentials, but in this example, I don't want to do that. Because my eventual plan is to run this as a service or startup task. So I don't want it to wait for me enter credentials, or fail.

deanhystad

Oct-20-2022, 07:45 PM
There is no decryption scheme where you don't have to provide anything. Set the file privilege so you can only write or execute? If nobody can read the file you don't have to worry about hiding the password.

tantony

Oct-20-2022, 07:54 PM
ok thanks. I was just wondering how this is done. It sounds like there's no preferred method.

rob101

Oct-20-2022, 08:31 PM
You don't store a password; you store a hash value of the password and check the hash value, to assert if said password is correct, or not.

tantony

Oct-20-2022, 08:38 PM
@rob101

how would I do that? That seems more secure.

rob101

Oct-20-2022, 08:53 PM
As a simple proof of concept:

from hashlib import sha256

hpw = "66ebb3e1ed156a03801ecf5c40320bd8a3720f07d65612c486fd7b65ac268135"

hashVal = ""
while hashVal != hpw:
    pw = input("Enter your password: ")
    hashVal = sha256(pw.encode('utf-8')).hexdigest()
The only way to exit that loop, is to enter 'your password', but any hash value that only you know how it was generated, can be used in hpw, which is what is stored in whatever way your system has been designed.

tantony

Oct-21-2022, 12:46 PM
thank you
Pages: 1 2
Python Forum > Python Coding > General Coding Help > Hiding username and password on sql