出于安全原因,我不想将所有数据库信息以明文形式存储在 settings.py 中。我想在 Django 服务器启动时将信息加载到内存中(即 - 设置 DATABASE 设置变量)。
我怎样才能做到这一点?
编辑:我认为这里有一个误解。这个想法是划分安全性。如果攻击者成功访问了 django 机器,我不希望他们能够访问数据库(在不同的机器上)。这并非不合理。显然,当机器重新启动时,必须重新输入信息——但这就是完全划分的成本。使用这种方法,入侵 django 服务器机器不会影响数据的安全性。
问问题
69 次
1 回答
-1
You can move the database settings to another file but what do you gain? The details would need to be stored somewhere: the server can't load the details into memory and then delete the file from which it read the details because then it won't be able to connect to the database the next time it restarts.
It would also needlessly complicate your system because your system has already been compromised when someone can read the source. You should worry more about that than moving all passwords (and similar details, such as API keys) into special files elsewhere.
于 2012-07-04T06:34:45.813 回答