
I'm having some doubts about how I can "secure" the database connection information. Is there some way that I can get access to the database in a more secure way? A REST API? Or can someone tell me a more secure way than shipping the access details in the code?

Thanks in advance

import mysql.connector
from mysql.connector import errorcode

config = {
    'user': 'user',
    'password': 'password.',
    'host': 'localhost',
    'database': 'files_to_check',
    'raise_on_warnings': True,
}

try:
    # Try to connect to the database
    cnx = mysql.connector.connect(**config)

    # Cursor used to run the SQL
    cursor = cnx.cursor()

    # Queries to get the filenames and hashes from the database
    query = "SELECT filename FROM filenames"
    queryhash = "SELECT hash FROM filenames"

    # Execute the query
    cursor.execute(query)

    # Array to fill with the filenames from the database
    files_to_check = [str(row[0]) for row in cursor.fetchall()]
    cursor.close()

    cursor = cnx.cursor()
    cursor.execute(queryhash)
    # Array to fill with the hashes from the database
    hash_to_check = [str(row[0]) for row in cursor.fetchall()]
    cursor.close()

# Error handling for the connection
except mysql.connector.Error as err:
    # Check username and password
    if err.errno == errorcode.ER_ACCESS_DENIED_ERROR:
        print("[*] Username or password are invalid")
    elif err.errno == errorcode.ER_BAD_DB_ERROR:
        # The database we are connecting to does not exist
        print("[*] Database does not exist")
    else:
        print(err)
else:
    cnx.close()
  • What do you consider "secure"? What's your goal? If you want to get credentials out of the source code, the idiomatic thing to do is create a configuration file and read that in, like config.json and then in code config = json.load(open("config.json")) Commented Sep 20, 2017 at 12:08
  • Not to go in the source code. Sorry, let me try to explain better. This is part of an app that is to be distributed to, let's imagine, 50 people, and I didn't want them to be able to access the database information by reverse engineering or something. Commented Sep 20, 2017 at 12:10
  • But the host is 'localhost'? Commented Sep 20, 2017 at 12:11
  • Check this question out: stackoverflow.com/questions/6981064/… Commented Sep 20, 2017 at 12:12
  • @WillemVanOnsem No, that is just to try it locally before applying it to a real database. Commented Sep 20, 2017 at 12:13

2 Answers


I'm guessing your question is how to not have to include the DB information (host, port, password, etc.) in the code. I would say the two easiest ways are:

  • Environment variables
  • Separate configuration files

Environment variables

import os

config = {
    'user': os.getenv('DB_USER'),
    'password': os.getenv('DB_PASSWORD'),
    'host': os.getenv('DB_HOST'),
    'database': os.getenv('DB_DATABASE'),
    'raise_on_warnings': os.getenv('DB_RAISE_ON_WARNINGS', 'true') == 'true',
}

Configuration file

import json

with open('config.json') as file:
    config = json.load(file)

15 Comments

@ShwSvn: you need to take steps at the OS level to secure the config file.
If you require a separate config file, you can just not distribute it anywhere, and people will have to build their own. This makes sense because everyone will have different credentials to put in
@ShwSvn In this case I would create two different components: a web server that has a public API endpoint that takes a file hash that the web server then looks up in the database. This way the DB credentials only have to be in your web server, to which only you have access. The second part would be the anti-cheat client that the users would have on their machines. This client sends the file hashes to the web server API endpoint, therefore they don't need the DB credentials.
@ShwSvn: sorry, your anti-cheat description was not clear to me. You are trying to prevent file tampering? Paco's idea seems reasonable, i.e. send file hashes to a service on your server to detect altered files. Anyway, it's a bad idea to give public access to your database, so writing your own web service avoids that requirement. You can use something like flask or bottle for a lightweight and easy to implement service.
@ShwSvn The simplest way to do the web server with one endpoint in python would be Flask.
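The two-component design discussed in these comments (a server-side lookup endpoint, and a client that only ever sends a filename and hash) as an added, runnable sketch; this is example code, not the answerer's or Paco's, and it uses the standard library's http.server in place of Flask. The `/check` route, its query parameters, and the constructed KNOWN_FILES table standing in for the `filenames` MySQL table are assumptions of this example.

```python
import json
import re
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import urlopen

# Constructed stand-in for the `filenames` table (filename -> sha256 hex digest).
# A real server would run a parameterised SELECT against MySQL using credentials
# that exist only on the server; the distributed client never sees them.
KNOWN_FILES = {'game.exe': 'a' * 64, 'data.pak': 'b' * 64}
SHA256_RE = re.compile(r'^[0-9a-f]{64}$')


def verify(name, digest):
    """Server-side decision: is the file known, and does the client's hash match?"""
    expected = KNOWN_FILES.get(name)
    return {'known': expected is not None, 'match': expected == digest}


class HashCheckHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo quiet
        pass

    def do_GET(self):
        url = urlparse(self.path)
        if url.path != '/check':
            self.send_error(404)
            return
        qs = parse_qs(url.query)
        name = qs.get('name', [''])[0]
        digest = qs.get('hash', [''])[0].lower()
        if not SHA256_RE.match(digest):  # validate input before it goes near the DB
            self.send_error(400, 'hash must be 64 hex chars')
            return
        body = json.dumps(verify(name, digest)).encode()
        self.send_response(200)
        self.send_header('Content-Type', 'application/json')
        self.send_header('Content-Length', str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def start_server():
    """Bind to an ephemeral localhost port and serve in a background thread."""
    srv = HTTPServer(('127.0.0.1', 0), HashCheckHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def client_check(port, name, digest):
    """What the distributed client does: send name+hash, get a verdict, no DB access."""
    q = urlencode({'name': name, 'hash': digest})
    with urlopen(f'http://127.0.0.1:{port}/check?{q}', timeout=5) as resp:
        return json.loads(resp.read())
```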

One way is to use an external config file to store the user, password, and other sensitive information.

Then use your operating system's permission system to restrict access to that file such that your application can read the file, but other unprivileged users can not.

Also make sure that you use an SSL connection to the database.

You should also look at authentication plugins.
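Putting the two answers together (environment variables or a separate config file, plus OS file permissions on that file), here is an added example loader that is not code from either answer: environment variables take precedence, a JSON file is the fallback, and on POSIX a config file that is group- or world-readable is refused. The DB_* variable names and the permission check are assumptions of this example.

```python
import json
import os
import stat
from pathlib import Path

# Assumed environment variable names for this example (not from the answers).
ENV_KEYS = {
    'user': 'DB_USER',
    'password': 'DB_PASSWORD',
    'host': 'DB_HOST',
    'database': 'DB_DATABASE',
}


def _parse_bool(value, default=True):
    """Env vars and JSON strings arrive as text, so parse booleans explicitly."""
    if value is None:
        return default
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ('1', 'true', 'yes', 'on')


def load_config_file(path):
    """Read a JSON config file; on POSIX refuse one that other users can read."""
    p = Path(path)
    if os.name == 'posix':
        mode = stat.S_IMODE(p.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(
                f"{p} is readable by group/others (mode {oct(mode)}); use chmod 600")
    with p.open() as fh:
        return json.load(fh)


def load_db_config(config_path=None, environ=None):
    """Build the dict for mysql.connector.connect(**config).
    Environment variables win over the config file, so no credential has to be
    written into the source code that gets distributed."""
    env = os.environ if environ is None else environ
    file_cfg = load_config_file(config_path) if config_path else {}
    cfg = {}
    for key, env_name in ENV_KEYS.items():
        value = env.get(env_name, file_cfg.get(key))
        if value is None:
            raise KeyError(f"missing '{key}': set {env_name} or add it to the config file")
        cfg[key] = value
    cfg['raise_on_warnings'] = _parse_bool(
        env.get('DB_RAISE_ON_WARNINGS', file_cfg.get('raise_on_warnings')))
    return cfg
```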

