I am writing a CLI in Kotlin, primarily using the CLIKT library, and I am using Gradle to manage dependencies.
I have a separate Django website that I have deployed to Heroku
This Heroku app has a heroku-postgresql add-on (not sure if this is relevant: I haven't configured or populated the postgresql database).
I want the CLI to securely connect to the database and read some JSON from it
My goal is to distribute the CLI through the Django website (I'm mentioning this because I want you to know that the CLI will be available to anyone, which is why I need it to securely connect to the database).
"I want the CLI to be available to anyone" - then whom do you want to secure your database against? It sounds like you want everyone to be able to connect to and use your database, in which case there is no need to secure it.
I wasn't sure of the best way to phrase it. I want anyone to be able to connect and access data, but not modify it. And when I said "secure", I meant that I wasn't sure of the best way to store credentials. For example, when I deployed my Heroku app, I was able to set up my SECRET_KEY in an environment variable. I don't know the best way to do that with things like my database URL.
You don't, then. Putting the credentials for your database in the CLI application that you distribute gives everyone those credentials. You could create a restricted database user that has only SELECT permissions on the relevant tables/columns, and make the credentials for that public, but it would still allow people to DoS-attack your database. The established approach is to build an HTTP API in your web application, and contact that from your CLI application. It might be completely open or secured using HTTP auth, but you at least control the SQL.
Alright, I see. Thank you for your help.
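The pattern recommended in the last comment, in miniature, as an added example that is not code from the question or from the thread: the server process holds the database credential (read from the environment, like SECRET_KEY) and decides which SQL runs, while the distributed CLI only knows an HTTP URL and has no write path at all. Assumptions not in the original: an in-memory SQLite database stands in for heroku-postgresql, the standard-library `http.server` stands in for a Django view, and the table and column names (`items`, `id`, `payload`) and the `/api/items` route are made up.

```python
"""
Read-only JSON API in front of a database, so a publicly distributed CLI
never needs the database credential.  Example code, not from the thread.

Assumptions (not in the original post): SQLite in-memory stands in for
heroku-postgresql, http.server stands in for the Django app, and the
table "items" with columns "id" and "payload" is invented for the demo.
"""
import json
import os
import sqlite3
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# ---- server side: this part would live in the Django app on Heroku --------

# Constructed sample rows; in production they would come from Postgres.
SAMPLE_ROWS = [(1, '{"name": "alpha"}'), (2, '{"name": "beta"}')]


def open_database():
    # The credential stays on the server, read from the environment the same
    # way SECRET_KEY is.  Heroku sets DATABASE_URL for the postgres add-on;
    # here it is only read to show where the secret would come from.
    _db_url = os.environ.get("DATABASE_URL", "sqlite://:memory:")  # assumption
    conn = sqlite3.connect(":memory:", check_same_thread=False)
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, payload TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    # On Postgres you would additionally connect as a role that only has
    # GRANT SELECT ON items, so even a bug in this handler cannot write.
    return conn


class ReadOnlyApi(BaseHTTPRequestHandler):
    db = None                      # set by start_server()
    db_lock = threading.Lock()     # one connection shared by request threads

    def do_GET(self):
        if self.path != "/api/items":
            self._send(404, {"error": "not found"})
            return
        with self.db_lock:
            # The SQL is fixed on the server side and only ever SELECTs;
            # nothing from the client is interpolated into it.
            rows = self.db.execute(
                "SELECT id, payload FROM items ORDER BY id").fetchall()
        self._send(200, [{"id": i, "payload": json.loads(p)} for i, p in rows])

    def do_POST(self):
        # No write verb is exposed: clients can read, never modify.
        self._send(405, {"error": "read-only API"})

    do_PUT = do_DELETE = do_PATCH = do_POST

    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server():
    """Bind to an ephemeral loopback port; returns (server, base_url)."""
    ReadOnlyApi.db = open_database()
    server = ThreadingHTTPServer(("127.0.0.1", 0), ReadOnlyApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


# ---- client side: what the distributed CLI does -----------------------------

def fetch_items(base_url):
    """One GET against the API; no database URL or password involved."""
    with urllib.request.urlopen(f"{base_url}/api/items", timeout=5) as resp:
        return json.load(resp)


def attempt_write(base_url):
    """Returns the HTTP status a client gets when it tries to modify data."""
    req = urllib.request.Request(
        f"{base_url}/api/items", data=b"{}", method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5):
            return 200
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    server, url = start_server()
    print(fetch_items(url))   # two items, payload already parsed as JSON
    print(attempt_write(url)) # 405
    server.shutdown()
```

The Kotlin/Clikt side of this is just an HTTP GET to `/api/items` with whatever client library you already use; the only value it needs to embed is the website's URL, which is public anyway. If the data should not be open to everyone, the comment's "HTTP auth" suggestion maps to checking a header in `do_GET` before running the query, which still keeps both the SQL and the database credential on the server.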