问题描述
我正在使用带有node.js的mysql.像这样:
I'm using mysql with node.js. Something like this:
var mysql = require('mysql');
var connection = mysql.createConnection({
host : 'localhost',
user : 'me',
password : 'secret',
database : 'my_db'
});
connection.connect();
我只是想知道在服务器中硬编码数据库凭据(用户名和密码)是否不会损害安全性.如果可以,那么哪种更好的方法呢?
I was just wondering if having the database credentials (user and password) hardcoded in the server doesn't compromise security.If it does, what would be a better way of doing this?
推荐答案
处理此问题的最佳方法是将凭据存储在环境变量中.然后,您将像这样访问您的凭据:
The best way to handle this is to have your credentials stored in environment variables. You would then access your credentials like this:
var mysql = require('mysql');
var connection = mysql.createConnection({
host : process.env.DB_HOST,
user : process.env.DB_USER,
password : process.env.DB_PASS,
database : process.env.DB_NAME
});
connection.connect();
然后,您将使用诸如dotenv之类的库来设置环境变量.您会将环境变量放在一个.env文件中,该文件不随应用程序一起分发,也不在版本控制中.一个示例.env可能看起来像这样
Then you would use a library like dotenv to set environment variables. You would put your environment variables in a .env file that is not distributed with the application, and that isn't in version control. An example .env might look like this
DB_NAME=my_db
DB_HOST=localhost
DB_PASS=secret
DB_USER=me
https://www.npmjs.com/package/dotenv -有关此链接,请参见有关使用dotenv的更多信息,以及对应用程序中的12因素安全性进行一些研究:)
https://www.npmjs.com/package/dotenv - see this link for more information on using dotenv and do some research on 12 factor security in apps :)
这篇关于Node.js中的硬编码mysql用户和密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!