I was playing around with Selenium and Python and writing a program that would log in to one of my local pizza shops website and place my regular order for me with the click of a button.
I then got curious about what the best approach would be to protect log in credentials in a situation like this since the username and password are written directly into the code. I read about 64 bit encoding but that doesn't seem to be secure. I also thought about creating a separate file that would hold the account information but then the file path for it would still have be in the code (I assume?) and they could just access that if they wanted to.
I really have no need to secure my pizza ordering, this is more a general question that peaked my interest. I was wondering if anybody could point me in some good directions. Not my exact code below but just code to show general idea of what I mean. Thanks in advance for any help!
driver = webdriver.Chrome()
username = driver.find_element_by_id("username")
password = driver.find_element_by_id("password")
username.send_keys("YourUsername")
password.send_keys("PassworD")
driver.find_element_by_name("submit").click()
CodePudding user response:
A common approach for storing secrets is to use a .env
file.
This is a simple file that it is usually stored at the project's root. The concept is that when the python script is executed every variable contained in the .env
file is injected in the running environment too. Then, inside the script you can obtain these values as if they were env vars with os.getenv("MY_SECRET")
.
This file should also be included in .gitignore
in order to prevent it from uploading to the code repository.
The dotenv
python module is a utility to help with this approach. You can read more here https://github.com/theskumar/python-dotenv
CodePudding user response:
For security reason if you don't want to store the username/password within the code or store it in a text/csv/excel file you can take the user input runtime using input()
as follows:
driver.find_element_by_id("username").send_keys(input("Username: "))
driver.find_element_by_id("password").send_keys(input("Password: "))