jisoo411
 asked on

Python script with password security?

Hello,

I'm writing a Python script that will connect to a postgresql database using the psycopg2 library.  I'm getting around it pretty well but one concern I have is that when connecting to the database host, I have to hard code the username and password into the connection statement.  I would prefer not to do this and would like to somehow refer to an external file for this information and import that user account info then construct the connection string.  That way at least the username/password combo wouldn't be directly visible when looking at the Python code.  Any help or alternative ideas would be very much appreciated.

Example of the psycopg2 connection statement:
import psycopg2

conn_string = "dbname='mydatabase' port='1234' user='joe_shmoe' password = 'joespassword' host='hostaddress.com'"
conn = psycopg2.connect(conn_string)



Thanks,
Glen
Python, Scripting Languages

Last Comment
Kyle Hamilton

8/22/2022 - Mon
SOLUTION
Walter Ritzel

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
ASKER CERTIFIED SOLUTION
Kyle Hamilton

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
jisoo411

ASKER
Sorry for the late reply.  These both look like good potential solutions for me.  Here's some extra context as well, I'm developing this Python script on a Windows machine but it will run on a Linux machine.  The main purpose of this script is to pull CSV files into a local directory then load them into the postgresql database.  

With the environment variable method, will the os module work seamlessly between Windows vs Linux?  For instance, if I create the following environment variables on both Windows 10 and Linux:

UserName = Joe
Password = JoePassword
TempDir = C:\Temp (Linux would be something like '/usr/tmp/processing')

Would the os module refer to them in exactly the same way using the os.environ function call?  I.e. os.environ['TempDir'] would output C:\Temp when run on Windows and /usr/tmp/processing when run on Linux?

Thanks,
Glen
jisoo411

ASKER
Looking at the os reference, it looks like maybe the getenv function would do this...

import os
print(os.getenv('TempDir'))

That gives me C:\Temp on Windows 10.  I'm guessing it will work in Linux since the reference says it works on most flavors of unix.  One follow up question though, setting an environment variable in Linux is typically temporary for the session.  Where would I set this to make it system-wide and permanent?  

Thanks,
Glen
SOLUTION
Kyle Hamilton

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Kyle Hamilton

here's another way:

if you wanted to keep those variables in their own file, you could make a .passwords file, with the export lines, then in your .bash_profile:

source path/to/.passwords



remember that every time you add an environment variable to a file, you have to either start a new shell, or source the file in which the variables are defined.
jisoo411

ASKER
I'll be looking to set this environment variable permanently for all users.  It'll be a common variable utilized by all Python scripts being dropped onto the server and executed via cron or some other job scheduler.
Kyle Hamilton

Then I would put it in a .passwords file that will be dropped on whatever server you need in some predetermined directory.


in .passwords
# use a name other than PWD: the shell keeps the current directory in PWD
export NAME="name"
export DB_PASSWORD="password"
export DIR=/your/temp/dir/


In your script which gets triggered by cron, add the source line:

source /path/to/.passwords


and in your python script:

import os
password = os.getenv('DB_PASSWORD')  # matches the name exported in .passwords
username = os.getenv('NAME')
tempdir = os.getenv('DIR')
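
Added example, not part of any post in this thread: a Python loader for the .passwords approach described above that reads the export lines itself, so it also works when cron starts the script without sourcing any profile file. The name DB_PASSWORD (used because the shell itself maintains PWD), the functions read_exports, db_settings and connect, and the file-permission check are assumptions of this example; the database name, host and port are the ones from the question.

```python
import os
import shlex
import stat

REQUIRED = ("NAME", "DB_PASSWORD", "DIR")  # DB_PASSWORD is this example's name


def read_exports(path):
    """Parse `export KEY="value"` lines from a .passwords-style file."""
    mode = os.stat(path).st_mode
    # On Linux, refuse a secrets file that group or other users can access.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s is open to group/others; chmod 600 it" % path)
    values = {}
    with open(path) as fh:
        for line in fh:
            words = shlex.split(line, comments=True)  # strips quotes, skips # comments
            if len(words) == 2 and words[0] == "export" and "=" in words[1]:
                key, _, value = words[1].partition("=")
                values[key] = value
    return values


def db_settings(env=None, secrets_file=None):
    """Merge file and environment (environment wins); fail if anything is missing."""
    env = os.environ if env is None else env
    merged = read_exports(secrets_file) if secrets_file else {}
    merged.update({k: env[k] for k in REQUIRED if env.get(k)})
    missing = [k for k in REQUIRED if not merged.get(k)]
    if missing:
        raise RuntimeError("missing settings: " + ", ".join(missing))
    return {"user": merged["NAME"], "password": merged["DB_PASSWORD"],
            "tempdir": merged["DIR"]}


def connect(settings):
    """Open the connection from the question without a password in the source."""
    import psycopg2  # imported here so the loaders above run without the driver
    return psycopg2.connect(dbname="mydatabase", host="hostaddress.com", port=1234,
                            user=settings["user"], password=settings["password"])


if __name__ == "__main__":
    # Hypothetical path; under cron no profile file is sourced, so read it directly.
    conn = connect(db_settings(secrets_file="/path/to/.passwords"))
```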

jisoo411

ASKER
That would work if I developed on a linux machine, unfortunately my workstation is Windows while the environment I deploy my code to is linux.  It sounds like simply adding the export statements to the .bashrc file would suffice and would eliminate any need for that source line in my python script, is that correct?
Kyle Hamilton

i assumed your cron would run a bash shell script. you would put the source line in the shell script.

if you put the variables in .bashrc, you will need to do that for every server you deploy on.

you could still automate it with a script that appends to .bashrc.

it's a half a dozen, or six thing. (i can never remember that expression right :)

many ways to skin a cat...
jisoo411

ASKER
Very true.  Thankfully we're only dealing with 1 or 2 linux servers for the long term so we're good there.  I just tried to put in the export statements, I restarted bash and did a "printenv" to verify that they got set (which they did).  But after I closed my putty session and started a new one, the exports disappeared.  Somehow they became session-specific and not permanent.  I performed the following steps:

1.  vi ~/.bashrc

2.  Added line: export temp_dir="/home/ubuntu/tmp/"

3. exec bash -l



Is there something I'm missing?
jisoo411

ASKER
Searching around google, I see a file called "/etc/profile" being mentioned.  When I look at the file on my linux box I see that it's executing ". /etc/bash.bashrc" as well as "/etc/profile.d".  Should I be putting these export statements in "/etc/profile" instead?
jisoo411

ASKER
Never mind, "/etc/profile" is apparently a root directory and I don't have permissions to modify that :/
jisoo411

ASKER
Looks like it's the .profile file in the home directory that keeps the settings permanent.  I set up the temp_dir export statement in there and closed out my session window then logged back in and the printenv command still shows the variable.  Hopefully that's it.
Kyle Hamilton

glad you got it working.

typically the file is in the home directory, called .bash_profile

cheers.