Authentication
This repo collects security best practices for handling authentication.
1. How to handle the database password securely when connecting to the database?
Instead of hardcoding the password in the source, read it from an environment variable. The examples below use Django and plain Python.
Problem
Hardcoded passwords are a significant security risk: anyone who can read the source (or the compiled artifact) has the credential.
Flexibility issue: the password cannot be rotated or changed per environment without modifying and redeploying the code.
Version control issue: a hardcoded password stored in the repository is visible to everyone with repository access and stays in the history even after it is removed.
// Noncompliant code
# settings.py
DATABASES = {
    'postgresql_db': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'quickdb',
        'USER': 'sonarsource',
        'PASSWORD': '',  # Noncompliant: credential hardcoded in settings (here an empty password)
        'HOST': 'localhost',
        'PORT': '5432'
    }
}
// Compliant solution
# settings.py
import os

DATABASES = {
    'postgresql_db': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'quickdb',
        'USER': 'sonarsource',
        'PASSWORD': os.getenv('DB_PASSWORD'),  # read from the environment, not from source
        'HOST': 'localhost',
        'PORT': '5432'
    }
}
Let's take another DB example, this time a MySQL connection.
// Noncompliant code
from mysql.connector import connection

connection.MySQLConnection(host='localhost', user='sonarsource', password='')  # Noncompliant: hardcoded (empty) password
// Compliant code
import os
from mysql.connector import connection

db_password = os.getenv('DB_PASSWORD')  # read from the environment, not from source
connection.MySQLConnection(host='localhost', user='sonarsource', password=db_password)
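One caveat with the two compliant snippets above: os.getenv('DB_PASSWORD') silently returns None when the variable is unset, and the driver then connects with no password, which is the situation the noncompliant code was in. The following example is added here and is not code from the original page; it shows a fail-fast helper that refuses a missing or empty secret, builds both the Django DATABASES setting and the MySQLConnection keyword arguments from the environment, and redacts the password before the config is logged. The helper names (require_secret, django_databases, mysql_connection_kwargs, redacted, MissingSecretError) and the DB_NAME/DB_USER/DB_HOST/DB_PORT variables are assumptions for this example; the env mapping in the __main__ block is constructed sample input.

```python
import copy
import os
from typing import Mapping


class MissingSecretError(RuntimeError):
    """Raised when a required secret is absent or empty (assumed name for this example)."""


def require_secret(name: str, env: Mapping[str, str] = os.environ) -> str:
    """Return environment variable `name`, failing loudly if it is unset or empty.

    os.getenv() would return None (or '') here, and the database driver would
    then attempt a passwordless login, so we reject both cases explicitly.
    """
    value = env.get(name)
    if value is None:
        raise MissingSecretError(f"{name} is not set; export it before starting the application")
    if value.strip() == "":
        raise MissingSecretError(f"{name} is set but empty; an empty database password is not allowed")
    return value


def django_databases(env: Mapping[str, str] = os.environ) -> dict:
    """Build the Django DATABASES setting with the password taken from DB_PASSWORD.

    DB_NAME/DB_USER/DB_HOST/DB_PORT are optional overrides (assumed variable
    names); the defaults mirror the settings.py fragment on this page.
    """
    return {
        "postgresql_db": {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": env.get("DB_NAME", "quickdb"),
            "USER": env.get("DB_USER", "sonarsource"),
            "PASSWORD": require_secret("DB_PASSWORD", env),
            "HOST": env.get("DB_HOST", "localhost"),
            "PORT": env.get("DB_PORT", "5432"),
        }
    }


def mysql_connection_kwargs(env: Mapping[str, str] = os.environ) -> dict:
    """Keyword arguments for mysql.connector.connection.MySQLConnection(**kwargs).

    The driver is deliberately not imported here so the example runs offline;
    call connection.MySQLConnection(**mysql_connection_kwargs()) in real code.
    """
    return {
        "host": env.get("DB_HOST", "localhost"),
        "user": env.get("DB_USER", "sonarsource"),
        "password": require_secret("DB_PASSWORD", env),
    }


def redacted(config: dict) -> dict:
    """Return a deep copy of a config dict with every 'password' value masked.

    Use this whenever the effective configuration is logged or printed, so the
    secret pulled from the environment does not end up in log files.
    """
    masked = copy.deepcopy(config)
    stack = [masked]
    while stack:
        node = stack.pop()
        for key, value in node.items():
            if isinstance(value, dict):
                stack.append(value)
            elif key.lower() == "password":
                node[key] = "***"
    return masked


if __name__ == "__main__":
    # Constructed sample environment; in production this comes from os.environ.
    sample_env = {"DB_PASSWORD": "s3cret-value", "DB_HOST": "db.internal"}
    print("Django settings:", redacted(django_databases(sample_env)))
    print("MySQL kwargs:   ", redacted(mysql_connection_kwargs(sample_env)))
    try:
        django_databases({})  # DB_PASSWORD missing: fails at startup, not at first query
    except MissingSecretError as exc:
        print("startup refused:", exc)
```

Failing at process start is the point of require_secret: a misconfigured container or CI job is rejected immediately with a clear message, instead of connecting with an empty password or surfacing an authentication error deep inside the first request.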