3

I'm working with sqlalchemy and oracle, but I don't want to store the database password directly in the connection string, how to store a encrypted password instead?

1
  • What do you mean by storing the connection string? Commented Mar 14, 2017 at 4:43

3 Answers

2

You could encode the string, but encoding is not encrypting as Gord Thompson mentioned in the comments. Anyone with a bit of knowledge about base64 can reverse it.

import base64
password = "yourpassword".encode("utf-8")
encoded = base64.b64encode(password)
print(encoded)

Decoding it is a matter of

decoded = base64.decodebytes(encoded).decode('utf-8')
print(decoded)

You can use a hashed password:

  • You can use the generate_password_hash function from werkzeug.security to generate a secure hash of the password.

Code:

from werkzeug.security import generate_password_hash

password = "your_password_here"

# The bare 'sha256' method was removed in Werkzeug 3; 'pbkdf2:sha256' works in every version.
hashed_password = generate_password_hash(password, method='pbkdf2:sha256')

2 Comments

As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
Note that encoding something is not the same as encrypting it.
0

I guess you are looking for module PyCrypto

You may use your desired encryption and store the encrypted text in the database, and after fetching the data you can decrypt it again.

Here is the example for PyCrypto:

>>> from Crypto.Hash import SHA256   # PyCrypto; the PyCryptodome drop-in exposes the same Crypto.Hash API
>>> hash = SHA256.new()
>>> hash.update(b'message')          # Python 3: the hash takes bytes, not str
>>> hash.digest()
b'\xabS\n\x13\xe4Y\x14\x98+y\xf9\xb7\xe3\xfb\xa9\x94\xcf\xd1\xf3\xfb"\xf7\x1c\xea\x1a\xfb\xf0+F\x0cm\x1d'

For more, you may refer to this documentation.

4 Comments

Thanks, but this is not what I want, because the encryption algorithm can be obtained by reading the code. Is there any encryption mechanism inside sqlalchemy for this?
or you may want to go with this solution from stackoverflow itself: stackoverflow.com/a/33717279/6918812
I think as soon as the hacker is able to read your code he will always be able to decrypt your password. The only way to protect your password is to prompt for it from the user instead of storing it in the code.
0

Encrypting the password isn't necessarily very useful, since your code will have to contain the means to decrypt. Usually what you want to do is to store the credentials separately from the codebase, and have the application read them at runtime. For example*:

  • read them from a file
  • read them from command line arguments or environment variables (note there are operating system commands that can retrieve these values from a running process, or they may be logged)
  • use a password-less connection mechanism, for example Unix domain sockets, if available
  • fetch them from a dedicated secrets management system

You may also wish to consider encrypting the connections to the database, so that the password isn't exposed in transit across the network.


* I'm not a security engineer: these examples are not exhaustive and may have other vulnerabilities in addition to those mentioned.

Comments
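As an added example (not code from any of the answers above), the following puts the last answer's advice, and the earlier comment about prompting the user, into practice: the credentials come from a secrets file, an environment variable or an interactive prompt at runtime, the SQLAlchemy URL is assembled with `urllib.parse.quote_plus` so passwords containing `@` or `/` do not break it, and a redacted form is produced for logging. The variable names `DB_USER`, `DB_PASSWORD` and `DB_PASSWORD_FILE`, the host and service name, and the helper names are assumptions for the example; `oracle+cx_oracle` is SQLAlchemy's real Oracle dialect name.

```python
import os
import stat
from urllib.parse import quote_plus

# Hypothetical variable names for this example; use whatever your deployment defines.
ENV_USER = "DB_USER"
ENV_PASSWORD = "DB_PASSWORD"
ENV_PASSWORD_FILE = "DB_PASSWORD_FILE"


def read_password_file(path):
    """Read a password from a file, refusing files that other users can read."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} must not be group- or world-accessible")
    with open(path, encoding="utf-8") as fh:
        return fh.read().rstrip("\r\n")


def load_credentials(environ=None, prompt=None):
    """Return (user, password) from the environment, a secrets file, or a prompt.

    Order of preference: a file mounted by the orchestrator (safest of the three),
    then an environment variable (convenient, but readable from the process
    environment and easily logged), then an interactive prompt. Nothing is
    hard-coded in the source.
    """
    environ = os.environ if environ is None else environ
    user = environ.get(ENV_USER)
    if not user:
        raise RuntimeError(f"{ENV_USER} is not set")
    if ENV_PASSWORD_FILE in environ:
        password = read_password_file(environ[ENV_PASSWORD_FILE])
    elif ENV_PASSWORD in environ:
        password = environ[ENV_PASSWORD]
    elif prompt is not None:
        password = prompt(f"Password for {user}: ")
    else:
        raise RuntimeError("no database password available")
    return user, password


def build_oracle_url(user, password, host, port, service_name):
    """Build a cx_Oracle URL; quote_plus keeps '@', '/' etc. in the password from breaking it."""
    return (f"oracle+cx_oracle://{quote_plus(user)}:{quote_plus(password)}"
            f"@{host}:{port}/?service_name={quote_plus(service_name)}")


def redact_url(url):
    """Return the URL with the password replaced by '***', for log lines.

    Relies on the password being percent-encoded (build_oracle_url guarantees it),
    so the last '@' always separates userinfo from host.
    """
    scheme, _, rest = url.partition("://")
    userinfo, at, hostpart = rest.rpartition("@")
    if not at:
        return url
    user, colon, _ = userinfo.partition(":")
    return f"{scheme}://{user}{':***' if colon else ''}@{hostpart}"


def make_engine(url):
    """Create the engine at runtime; SQLAlchemy is imported here so the rest of the module has no dependency."""
    from sqlalchemy import create_engine
    return create_engine(url)


if __name__ == "__main__":
    import getpass
    user, password = load_credentials(prompt=getpass.getpass)
    # Host, port and service name are constructed sample values.
    url = build_oracle_url(user, password, "db.example.internal", 1521, "ORCLPDB1")
    print("connecting to", redact_url(url))   # the real password never reaches the log
    engine = make_engine(url)
```

Run it with `DB_PASSWORD_FILE` pointing at a file that is `chmod 600`, or with `DB_PASSWORD` set, or with neither to be prompted; in all three cases the password exists only in the process at runtime and only the redacted URL is printed.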
