Menu
I have a Python script that interfaces with an API. The script is started from a PHP page. I wrote both scripts, so I can change the code in either as appropriate.
The Python script needs a username and password to interface with the API. My first inclination is to pass them to Python as CLI arguments:
<?php
exec('python someScript.py AzureDiamond hunter2');
?>
However, anybody can then see the credentials via ps:
$ ps | grep someScript
1000 23295 2.0 0.2 116852 9252 pts/0 S+ 15:47 0:00 python someScript.py AzureDiamond hunter2
Alternatives that I am considering are to write the data to a text file or sqlite database, then to delete them. Are there any better ideas? A constraint with the sqlite approach is that this needs to run in a rather portable fashion (phpFox Plugin) and most budget webhosts don't support the sqlite3 module.
509
You could use environment variables which you set in PHP and read in the Python script.
175
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
