So I’ve been scouring the web for an answer, but haven’t found one that quite satisfies my curiosity/anxiety. I’m running a Python script to insert data from a collection of XL files into a database. Is there any possibility of security breaches while running the script locally? I think my hesitation is derived from having to hard code the password into the connection string. Any insights would be much appreciated!
For extra information, I’m using the mysql.connector package in Python, and connecting to a MySQL database.
I’d recommend keeping the user & password separate from your Python code. You can store those options in a MySQL options file just like other MySQL clients. See https://dev.mysql.com/doc/connector-python/en/connector-python-option-files.html
cnx = mysql.connector.connect(option_files='/etc/mysql/connectors.cnf')
Ideally you would not merely use a password, but you’d use SSL options so the traffic to your MySQL instance is encrypted. This will prevent wire-tappers from reading your packets. See the ssl_* options among the connection options: https://dev.mysql.com/doc/connector-python/en/connector-python-connectargs.html
SSL does not apply if the Python script is on the same host as the MySQL server and the script connects to “localhost” using the UNIX socket instead of TCP. There’s no way for an attacker to wiretap that traffic.
You need to be careful about the file permissions on the .cnf file, so unauthorized users on that host can’t read it.
If there’s risk that an unauthorized user can break into the superuser account on your host, then there’s not much you can do to protect against that.
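The file-permission advice in the answer above can be enforced by the script itself before it connects. This is an added example, not code from the original answer: the helper names `option_file_problems` and `connect_from_option_file` are hypothetical, and the option file contents in `demo()` are constructed sample values.

```python
import os
import stat
import tempfile


def option_file_problems(path):
    """Return reasons why `path` is unsafe to hold a database password."""
    st = os.stat(path)
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    # Any group/other permission bit lets other local accounts read or modify it.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %o grants access to group/others" % stat.S_IMODE(st.st_mode))
    # Accept only files owned by root or by the account running the script.
    if st.st_uid not in (0, os.geteuid()):
        problems.append("owned by unexpected uid %d" % st.st_uid)
    return problems


def connect_from_option_file(path, **connect_args):
    """Refuse to connect if the option file is exposed; otherwise connect."""
    problems = option_file_problems(path)
    if problems:
        raise PermissionError("%s: %s" % (path, "; ".join(problems)))
    import mysql.connector  # imported late so the check runs without the driver
    # For a TCP connection to a remote server, pass the ssl_* arguments here,
    # e.g. ssl_ca="<path to CA cert>", ssl_verify_cert=True.
    return mysql.connector.connect(option_files=path, **connect_args)


def demo():
    """Check a constructed option file at mode 0644 and again at 0600."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "connectors.cnf")
        with open(path, "w") as f:
            f.write("[client]\nuser=loader\npassword=constructed-example\n")
        os.chmod(path, 0o644)
        exposed = option_file_problems(path)
        os.chmod(path, 0o600)
        locked = option_file_problems(path)
    return exposed, locked


if __name__ == "__main__":
    exposed, locked = demo()
    print("0644:", exposed)
    print("0600:", locked)
```

The check only covers other ordinary accounts on the host; as the answer notes, it does nothing against someone who already controls the superuser account.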
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.