Add 'Keeping Credentials'
Ben D
25
Keeping-Credentials.md
Normal file
25
Keeping-Credentials.md
Normal file
@@ -0,0 +1,25 @@
|
|||||||
|
Configuration is stored localy in the `config.json` file.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
**THIS IS NOT SAFE**
|
||||||
|
Password storage, you can store your credentials in the `config.json` file, however your passwords will be stored as plaintext making them exposed to anyone with access to the system.
|
||||||
|
|
||||||
|
By default the script will not save your passwords and you will be required to enter them each time the script starts.
|
||||||
|
If you choose to save your credentials in the `config.json` file, you assume all risk and security implications of doing so.
|
||||||
|
|
||||||
|
It is advised that you add an additional routine to the script, that encrypt/decrypt the values stored for passwords in the `config.json` file.
|
||||||
|
|
||||||
|
Below is a Base64 example, however, base64 should not be used for encrypting passwords as it is easily reversed.
|
||||||
|
```
|
||||||
|
password = "my_password".encode("utf-8")
|
||||||
|
encoded = base64.b64encode(password)
|
||||||
|
print(encoded)
|
||||||
|
|
||||||
|
decoded = base64.b64decode(encoded)
|
||||||
|
print(decoded)
|
||||||
|
Output
|
||||||
|
```
|
||||||
|
|
||||||
|
You should instead use a cryptography library such as [cryptography](https://pypi.org/project/cryptography/). The usage and details of which are beyond the scope of this demo library and are left to the end user to implement for themself.
|
||||||
|
|
||||||
Reference in New Issue
Block a user