mirror of
https://github.com/not-kennethreitz/convore.json.git
synced 2026-06-05 23:20:19 +00:00
Kenneth Reitz
1 line
3.2 KiB
JSON
1 line
3.2 KiB
JSON
[{"user_id": 8970, "stars": [], "topic_id": 11932, "date_created": 1299739236.1956339, "message": "Is there a standard way of encrypting database connection strings in Flask instead of plaintext?", "group_id": 207, "id": 311458}, {"user_id": 6559, "stars": [{"date_created": 1299989173.562362, "user_id": 1736}, {"date_created": 1300549231.2184949, "user_id": 13912}], "topic_id": 11932, "date_created": 1299946453.114037, "message": "why?", "group_id": 207, "id": 333081}, {"user_id": 1736, "stars": [], "topic_id": 11932, "date_created": 1299989212.4431751, "message": "@argoneus I guess you are asking about encrypting DB passwords. Use Postgres+ident, no passwords needed.", "group_id": 207, "id": 338906}, {"user_id": 3748, "stars": [], "topic_id": 11932, "date_created": 1300148014.5675271, "message": "I think @argoneus means not putting the URL that needs sqlalchemy to connect to the engine in plain text in the python file.", "group_id": 207, "id": 352231}, {"user_id": 13916, "stars": [], "topic_id": 11932, "date_created": 1300758557.912364, "message": "the reason you'd want to do this is because your client is a bank with lots of Formal Procedures and they want it, even though its mostly pointless. I'm going to need it on my current gig in fact. There's no way to do it that isn't ultimately kind of dumb - even if you had some .pyc only file or whatnot that decrypted it, someone could just say \"python; import your_magic_module; your_magic_module.decrypt()\".", "group_id": 207, "id": 404336}, {"user_id": 13916, "stars": [], "topic_id": 11932, "date_created": 1300758585.137749, "message": "so with that, do it in an entirely silly way and tell the higher ups \"yup, its encrypted\"", "group_id": 207, "id": 404341}, {"user_id": 8970, "stars": [], "topic_id": 11932, "date_created": 1300761523.336849, "message": "I don't want the credentials unencrypted, especially in code or a config file committed to our git repo. Not a big deal if there's not a best practice, just curious if there was.", "group_id": 207, "id": 404588}, {"user_id": 1736, "stars": [], "topic_id": 11932, "date_created": 1300761813.5349431, "message": "@argoneus The closest thing to a best practice is to just not care about that level of security really.", "group_id": 207, "id": 404599}, {"user_id": 1736, "stars": [], "topic_id": 11932, "date_created": 1300761866.7317121, "message": "Use ident for local connections, and use firewalls to control remote ones (maybe with SSL cert checks on both sides for added fancy)", "group_id": 207, "id": 404603}, {"user_id": 18985, "stars": [{"date_created": 1301057578.6783221, "user_id": 14438}], "topic_id": 11932, "date_created": 1300853393.6249001, "message": "@argoneus don't store the db connection info with your source, keep it in a config file outside of your source (e.g. in /etc/), readable only by the db user or root, rely on file permissions to secure it, that's how a lot of sensitive info is secured short of encryption", "group_id": 207, "id": 414117}, {"user_id": 8970, "stars": [], "topic_id": 11932, "date_created": 1300947402.4917979, "message": "@lost_theorem that's essentially what I'm doing, except the config is in the same dir as the code, just not checked in", "group_id": 207, "id": 424423}] |