tdevries
Posted September 26, 2023

Hi, I am building a simple webapp with Flask (Python) for the first time and want to connect to a database using SQLAlchemy. Currently I have to provide a string such as: "mysql://username:password@host/database_name?charset=utf8mb4" to connect to the database. However, it seems to me that it is not very secure to just have the username, password, etc. just in a simple string in the code? Is there any way to keep these values hidden or to securely connect to the database without the need to show these values? Thanks in advance!

wolstech
Posted September 26, 2023

Assuming this runs on the server side, a user can't see it anyway. Pretty much every server-side app just puts the info in plain text in a config file. If it runs on the client, your app is badly designed. You shouldn't be doing raw SQL from the client if you can help it, as all it will take is someone debugging the program to pull the info from memory and dump (or worse) your DB.
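
An added example, not part of either post above: one way to keep the connection string out of the source code, as the reply describes, by reading it from a server-side config file that only the app's user can read. The INI layout (`[database]` with `username`, `password`, `host`, `name`), the function name `load_db_uri` and the sample values are assumptions constructed for illustration.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import quote_plus


def load_db_uri(path):
    """Build the SQLAlchemy URI from an INI file kept outside the code base."""
    mode = os.stat(path).st_mode
    # Refuse a config file that group or other users on the server can access.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} must be owner-only (chmod 600)")
    # interpolation=None keeps a literal '%' in the password intact.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    db = parser["database"]
    # Percent-encode so characters such as '@' or '/' cannot break the URI.
    user = quote_plus(db["username"])
    password = quote_plus(db["password"])
    return f"mysql://{user}:{password}@{db['host']}/{db['name']}?charset=utf8mb4"


def demo():
    """Write a constructed sample config to a temp file and load it."""
    sample = (
        "[database]\n"
        "username = appuser\n"
        "password = p@ss/w%rd\n"  # constructed value with URI-breaking characters
        "host = localhost\n"
        "name = appdb\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "db.ini")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o600)
        uri = load_db_uri(path)
        os.chmod(path, 0o644)  # world-readable: the loader must reject it
        try:
            load_db_uri(path)
            rejected = False
        except PermissionError:
            rejected = True
    return uri, rejected


if __name__ == "__main__":
    print(demo())
```

In a Flask app the returned string would be assigned to `app.config["SQLALCHEMY_DATABASE_URI"]`, with the INI file stored outside the web root and excluded from version control.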