How to securely connect to database from Flask webapp using SQLAlchemy?


tdevries

Hi,

I am building a simple webapp with Flask (Python) for the first time and want to connect to a database using SQLAlchemy. Currently I have to provide a string such as: "mysql://username:password@host/database_name?charset=utf8mb4" to connect to the database. However, it seems to me that it is not very secure to just have the username, password, etc. just in a simple string in the code?

Is there any way to keep these values hidden or to securely connect to the database without the need to show these values? 

Thanks in advance!


Assuming this runs on the server side, a user can't see it anyway. Pretty much every server-side app just puts the info in plain text in a config file.

If it runs on the client, your app is badly designed. You shouldn't be doing raw SQL from the client if you can help it, as all it will take is someone debugging the program to pull the info from memory and dump (or worse) your DB.
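
The config-file approach from the reply above, as an added example that is not part of the original posts: the connection string from the question is built at startup from an INI file kept outside the source tree, and the file is rejected if other accounts on the server can read it. The file layout, the `[database]` section and its keys, the host name and the helper names are assumptions made for illustration.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import quote_plus


def load_db_uri(path):
    """Build the SQLAlchemy URI from an INI file kept outside the source tree."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Refuse a file that group or other users on the server can read or write.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {oct(mode)}; expected 0o600")
    cfg = configparser.ConfigParser(interpolation=None)  # keep '%' in passwords literal
    cfg.read(path)
    db = cfg["database"]
    # Percent-encode so characters such as '@' or '/' in the password cannot
    # change how the URI is parsed.
    return "mysql://{}:{}@{}/{}?charset=utf8mb4".format(
        quote_plus(db["username"]), quote_plus(db["password"]),
        db["host"], db["name"])


def redact(uri):
    """Return the URI with the password masked, for log output."""
    scheme, rest = uri.split("://", 1)
    creds, tail = rest.rsplit("@", 1)  # the encoded password contains no raw '@'
    return f"{scheme}://{creds.split(':', 1)[0]}:***@{tail}"


def write_sample_config(mode):
    """Create a constructed sample config file with the given permissions."""
    fd, path = tempfile.mkstemp(suffix=".ini")
    with os.fdopen(fd, "w") as fh:
        fh.write("[database]\nusername = webapp\npassword = p@ss/w%rd\n"
                 "host = db.example.internal\nname = shop\n")
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    path = write_sample_config(0o600)
    uri = load_db_uri(path)  # pass this string to SQLAlchemy's create_engine()
    print(redact(uri))
    os.remove(path)
```

Keeping the file out of version control and owned by the account the web app runs as means the password never appears in the repository, and only the redacted form should reach logs or error pages.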