0

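I'm pulling down some HTML through a login. Isn't my password entered in plain text in the code no matter what? Is there some obfuscation technique I can use?

Ideally, I'd like a file containing my password that is separate from the source code I want to share. Something that loads the password saved in \docs\mypass.txt would work well. I could then modify it to do a simple unscrambling of my real password, so that I can keep a scrambled version in mypass.txt.

There must be some simple way to do a find-and-replace on <<mysecretepassword>> and get it from a text file.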

<% register.ZServLogin.grabItems("ClimbElCap", "<<mysecretpassword>>").each do |item| %>
4

2 Answers

2

In my opinion, not to be taken heavily, you should never store your password as plain text in any file. And while you can obfuscate your password, where there is a lock there is always a key, and keys can be duplicated. What I am trying to say is that passwords can be unscrambled. Instead, try storing your password as a hash! I would use the module Ruby provides called Digest; however, Ruby does have some built-in hash methods. (But I will let you explore that area.)

Example time! Let's assume that you want the user to provide a password and you want to store that password in a text file for later. You also want to be able to verify whether or not the password a user enters is correct. Let's begin:

#first you need to require the module
require 'digest'

#then you need to get the password from the user 
input = gets.chomp

#now the magic begins, using the digest module we are going to turn the password into a hash
password = Digest::SHA1.hexdigest(input)

#and you can store it wherever and however you would like. ( If you are worried about corrupting your file you may want to look into PStore. A great class for persistence )
write = File.open("password.txt",'w') do |file|
  file.write(password)
end

#Let's say the program ends there but now we want to have the user log in
puts "Login!"
print "Username: "
user = gets.chomp
print "Password: "
pass = gets.chomp

#Now in order for him to login we need to compare his password with the one stored in the file
read = File.read("password.txt")

pass = Digest::SHA1.hexdigest(pass)

puts pass == read ? "Passwords match" : "Please try again"

Obviously there is a lot that needs to be done for this to work in your case. But I am just trying to give you options that you may or may not want to consider. Thanks and

Happy Coding!

answered 2014-09-30T22:32:43.387
1

I think this is a perfect example of where you could use config/secrets.yml, introduced in Rails 4.1 (see: http://edgeguides.rubyonrails.org/4_1_release_notes.html#config-secrets-yml). Or a gem like Figaro (see: https://github.com/laserlemon/figaro).

In short: add your keys to config/secrets.yml

development:
  foo_api_key: 'a-dummy-development-key'
production:
  foo_api_key: 'super-secret-production-key'

You should not add this file to your version control system unless you load the production keys from ENV like this:

production:
  foo_api_key: <%= ENV['super-secret-production-key'] %>

In your code, you can use these keys like this:

...grabItems("ClimbElCap", Rails.application.secrets.foo_api_key)
answered 2014-10-01T02:04:27.680
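For the plain-Ruby case in the question (a password file kept apart from the shared source), here is an added example that is not part of either answer: it reads the secret from the environment first, falls back to a file outside the repository, and refuses a file that other accounts can read. The names `ZSERV_PASSWORD`, `SecretError`, `load_secret` and `demo` are hypothetical, and the sample values are constructed.

```ruby
require 'tempfile'

# Hypothetical names (not from the page): ZSERV_PASSWORD, SecretError, load_secret.
class SecretError < StandardError; end

# Return the secret from the environment if set, otherwise from a file kept
# outside the shared source tree. Fail closed: a missing, empty, or
# group/world-accessible file raises instead of returning a value.
def load_secret(env_key, path, env: ENV)
  value = env[env_key]
  return value unless value.nil? || value.empty?

  raise SecretError, "#{env_key} not set and #{path} not found" unless File.file?(path)

  mode = File.stat(path).mode & 0o777
  if (mode & 0o077) != 0
    raise SecretError, format('%s has mode %04o; restrict it to 0600', path, mode)
  end

  secret = File.read(path).chomp
  raise SecretError, "#{path} is empty" if secret.empty?
  secret
end

# Constructed demonstration: a temporary file stands in for mypass.txt.
def demo
  results = {}
  Tempfile.create('mypass') do |f|
    f.write("constructed-sample-password\n")
    f.flush
    File.chmod(0o600, f.path)
    results[:from_file] = load_secret('ZSERV_PASSWORD', f.path, env: {})
    results[:from_env] =
      load_secret('ZSERV_PASSWORD', f.path, env: { 'ZSERV_PASSWORD' => 'from-env' })
    File.chmod(0o644, f.path) # world-readable: must be rejected
    begin
      load_secret('ZSERV_PASSWORD', f.path, env: {})
      results[:loose_mode] = :accepted
    rescue SecretError
      results[:loose_mode] = :rejected
    end
  end
  results
end

p demo if __FILE__ == $PROGRAM_NAME
```

The password file also belongs in the version control ignore list so it never travels with the shared source. The permission check relies on POSIX mode bits and does not carry over to Windows ACLs.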