我正在通过登录下拉一些 html。无论如何,我的密码不是在代码中以纯文本形式输入的吗?我可以使用一些混淆技术吗?
理想情况下,我想要一个包含我的密码的文件,该文件与我想共享的源代码分开。加载保存在 \docs\mypass.txt 中的密码的东西会很好用。然后我可以修改它来对我的真实密码进行简单的解读,这样我就可以在 mypass.txt 中保留一个加扰的版本
必须有一些简单的方法来进行查找和替换,<<mysecretepassword>>并从文本文件中获取它。
<% register.ZServLogin.grabItems("ClimbElCap", "<<mysecretpassword>>").each do |item| %>
In my opinion, not to be taken heavily, you should never store your password as plain text in any file. And while you can obfuscate your password, where there is a lock there is always a key and keys can be duplicated. What I am trying to say is passwords can be unscrambled. Instead, try storing your password as a hash! I would use the module ruby provides called Digest however ruby does have some built in hash methods. ( But I will let you explore that area )
Example time! Lets assume that you want the user to provide a password and you want to store that password in a text file for later. You also want to be able to verify whether or not the password a user enters is correct. Lets begin:
#first you need to require the module
require 'digest'
#then you need to get the password from the user
input = gets.chomp
#now the magic begins, using the digest module we are going to turn the password into a has
password = Digest::SHA1.hexdigest(input)
#and you can store it where ever and how ever you would like. ( If you are worried about corrupting your file you may want to look into PStore. A great class for persistence )
write = File.open("password.txt",'w') do |file|
file.write(password)
end
#Lets say the program ends there but now we want to have the user login
puts "Login!"
print "Username: "
user = gets.chomp
print "Password: "
pass = gets.chomp
#Now in order for him to login we need to compare his password with the one stored in the file
read = File.read("password.txt")
pass = Digest::SHA1.hexdigest(pass)
puts pass == read ? "Passwords match : "Please try again"
Obviously there is a lot that needs to be done for this to work in your case. But I am just trying to give you options that you may or may not want to consider. Thanks and
Happy Coding!
我认为这是一个完美的示例,您可以在其中使用config/secrets.ymlRails 4.1 中引入的 (参见:http ://edgeguides.rubyonrails.org/4_1_release_notes.html#config-secrets-yml )。或类似 Figaro 的 gem(参见:https ://github.com/laserlemon/figaro )。
简而言之:将您的密钥添加到config/secrets.yml:
development:
foo_api_key: 'a-dummy-development-key'
production:
foo_api_key: 'super-secret-production-key'
您不应该将此文件添加到您的版本控制系统,除非您ENV像这样加载生产密钥:
production:
foo_api_key: <%= ENV['super-secret-production-key'] %>
在您的代码中,您可以像这样使用这些键:
...grabItems("ClimbElCap", Rails.application.secrets.foo_api_key)