Add 'Keeping Credentials'
Ben D
25
Keeping-Credentials.md
Normal file
25
Keeping-Credentials.md
Normal file
@@ -0,0 +1,25 @@
|
||||
Configuration is stored localy in the `config.json` file.
|
||||
|
||||
|
||||
|
||||
**THIS IS NOT SAFE**
|
||||
Password storage, you can store your credentials in the `config.json` file, however your passwords will be stored as plaintext making them exposed to anyone with access to the system.
|
||||
|
||||
By default the script will not save your passwords and you will be required to enter them each time the script starts.
|
||||
If you choose to save your credentials in the `config.json` file, you assume all risk and security implications of doing so.
|
||||
|
||||
It is advised that you add an additional routine to the script, that encrypt/decrypt the values stored for passwords in the `config.json` file.
|
||||
|
||||
Below is a Base64 example, however, base64 should not be used for encrypting passwords as it is easily reversed.
|
||||
```
|
||||
password = "my_password".encode("utf-8")
|
||||
encoded = base64.b64encode(password)
|
||||
print(encoded)
|
||||
|
||||
decoded = base64.b64decode(encoded)
|
||||
print(decoded)
|
||||
Output
|
||||
```
|
||||
|
||||
You should instead use a cryptography library such as [cryptography](https://pypi.org/project/cryptography/). The usage and details of which are beyond the scope of this demo library and are left to the end user to implement for themself.
|
||||
|
||||
Reference in New Issue
Block a user