tdevries Posted September 26, 2023 Posted September 26, 2023 Hi, I am building a simple webapp with Flask (python) for the first time and want to connect to a database using SQLAlchemy. Currently I have to provide a string such as: "mysql://username:password@host/database_name?charset=utf8mb4" to connect to the database. However, it seems to me that it is not very secure to just have the username, password, etc. just in a simple string in the code? Is there any way to keep these values hidden or to securely connect to the database without the need to show these values? Thanks in advance!
wolstech Posted September 26, 2023 Posted September 26, 2023 Assuming this runs on the server side, a user can't see it anyway. Pretty much every server side app just puts the info in plain text in a config file. If it runs on the client, your app is badly designed. You shouldn't be doing raw SQL from the client if you can help it, as all it will take is someone debugging the program to pull the info from memory and dump (or worse) your DB.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now