EiadurRahman / semiautomated_plant_care

A science fair project

HardCoded Credentials #5

Open cheattheweb opened 5 months ago

cheattheweb commented 5 months ago

Boot.py

```python
def do_connect():
    ssid = 'ssid'
    password = 'password'
```

ThingESP

```python
account_sid = ''
auth_token = ''

# Set up the Twilio API URL for sending WhatsApp messages
twilio_url = 'https://api.twilio.com/2010-04-01/Accounts/{}/Messages.json'.format(account_sid)

# Set up the request headers
headers = {
    'Content-Type': 'application/x-www-form-urlencoded',
}

# Set up the request payload (message details)
payload = {
    'To': 'whatsapp%3A%2Bxxxxxxxxxxxx',  # Replace with the recipient's WhatsApp number
    'From': 'whatsapp%3A%2Bxxxxxxxxxx',  # Replace with your Twilio WhatsApp number
    'Body': msg,  # Message content
}
```

The problem

Hardcoded Credentials: The send_msg & do_connect functions contain hardcoded credentials for the Twilio API. It's better to move these to a configuration file or environment variables for security reasons.

Solution

Configuration Files: You can store your credentials in a separate configuration file. The configuration file should not be included in the version control system. You can use JSON, YAML, or INI file formats for the configuration file. Here is an example with a JSON file:

```python
import json

with open('config.json') as f:
    config = json.load(f)

account_sid = config['TWILIO_ACCOUNT_SID']
auth_token = config['TWILIO_AUTH_TOKEN']
```

Your `config.json` file would look like this:

```json
{
    "TWILIO_ACCOUNT_SID": "your_account_sid",
    "TWILIO_AUTH_TOKEN": "your_auth_token"
}
```
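
Added example, not part of the original issue or the project's code: a loader for the `config.json` approach above that also covers the Wi-Fi values from `do_connect`, refuses to run when a key is missing or still holds a template value, and keeps secret values out of error messages. The `WIFI_SSID` and `WIFI_PASSWORD` key names and the `load_secrets` and `redact` helpers are assumptions.

```python
import json

# TWILIO_* key names come from the issue; the WIFI_* names are assumed here
# for the values hardcoded in do_connect().
REQUIRED = ("WIFI_SSID", "WIFI_PASSWORD", "TWILIO_ACCOUNT_SID", "TWILIO_AUTH_TOKEN")
# Template values that mean the file was copied but never filled in.
PLACEHOLDERS = {"", "ssid", "password", "your_account_sid", "your_auth_token"}


def load_secrets(path="config.json", required=REQUIRED):
    """Return the required credentials, or raise ValueError naming bad keys."""
    try:
        with open(path) as f:
            config = json.load(f)
    except OSError:
        raise ValueError("cannot read " + path)
    except ValueError:  # malformed JSON (JSONDecodeError is a ValueError)
        raise ValueError(path + " is not valid JSON")
    if not isinstance(config, dict):
        raise ValueError(path + " must contain a JSON object")
    bad = [k for k in required
           if not isinstance(config.get(k), str) or config[k].strip() in PLACEHOLDERS]
    if bad:
        # Report key names only, so a secret never ends up in a log or REPL.
        raise ValueError("missing or placeholder values: " + ", ".join(bad))
    return {k: config[k] for k in required}


def redact(secret, keep=4):
    """Form of a secret that is safe to print: only the last few characters."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]


if __name__ == "__main__":
    import os, tempfile
    # Constructed sample file; none of these values are real credentials.
    sample = {"WIFI_SSID": "greenhouse", "WIFI_PASSWORD": "constructed-pass",
              "TWILIO_ACCOUNT_SID": "ACconstructed0001",
              "TWILIO_AUTH_TOKEN": "your_auth_token"}  # left as the template value
    path = os.path.join(tempfile.mkdtemp(), "config.json")
    with open(path, "w") as f:
        json.dump(sample, f)
    try:
        load_secrets(path)
    except ValueError as err:
        print("refusing to start:", err)
    print("account:", redact(sample["TWILIO_ACCOUNT_SID"]))
```
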
cheattheweb commented 5 months ago

Not that your code won't work, but it's good practice, and it makes the code more readable for others.

EiadurRahman commented 5 months ago

Yeah, I thought to do that. I'll add that in the future.