So I've been scowering the web for an answer, but haven't found one that quite satisfies my curiosity/anxiety. I'm running a python script to insert data from a collection of XL files into a database. Is there any possibility of security breaches while running the script locally? I think my hesitation is derived from having to hard code the password into the connection string. Any insights would be much appreciated!
For extra information, I'm using the mysql.connector package in Python, and connecting to a MySQL database.
CodePudding user response:
I'd recommend keeping the user & password separate from your Python code. You can store those options in a MySQL options file just like other MySQL clients. See https://dev.mysql.com/doc/connector-python/en/connector-python-option-files.html
cnx = mysql.connector.connect(option_files='/etc/mysql/connectors.cnf')
Ideally you would not merely use a password, but you'd use SSL options so the traffic to your MySQL instance is encrypted. This will prevent wire-tappers from reading your packets. See the ssl_*
options among the connection options: https://dev.mysql.com/doc/connector-python/en/connector-python-connectargs.html
SSL does not apply if the Python script is on the same host as the MySQL server and the script connects to "localhost" using the UNIX socket instead of TCP. There's no way for an attacker to wiretap that traffic.
You need to be careful about the file permissions on the .cnf
file, so unauthorized users on that host can't read it.
If you there's risk that an unauthorized user can break into the superuser account on your host, then there's not much you can do to protect against that.