wey-gu
commented
1 year ago Thanks @bangsun1234 we need to provide a secured way to pass the credential with importer(and other tooling).
cc @MuYiYong
Open bangsun1234 opened 1 year ago
wey-gu
commented
1 year ago Thanks @bangsun1234 we need to provide a secured way to pass the credential with importer(and other tooling).
cc @MuYiYong
veezhang
commented
1 year ago @wey-gu Maybe env parameter is suitable? Configure it in config file is indeed less secure.
For example NG_PASSWORD or NEBULAGRAPH_PASSWORD.
And nebula-console have similar question.
@MuYiYong
veezhang
commented
1 year ago @bangsun1234 Thank you! I think it may not be appropriate to use an encryption algorithm, because the encrypted string can still connect to the database, so encryption is meaningless?
wey-gu
commented
1 year ago Maybe env parameter is suitable? Configure it in config file is indeed less secure. For example NG_PASSWORD or NEBULAGRAPH_PASSWORD.
Agreed 👍🏻 @veezhang
In the production environment, the configuration file cannot contain plaintext passwords. The password needs to be encrypted. We need to use an encryption algorithm 'PBEWithHmacSHA256AndAES_256'.