在Django设置中加密SMTP服务器密码
我有一个基于表单生成电子邮件并将其发送给三家服务供应商的视图:在Django设置中加密SMTP服务器密码,django,encryption,smtp,Django,Encryption,Smtp,我有一个基于表单生成电子邮件并将其发送给三家服务供应商的视图: def quote(request): if request.method == 'POST': . . . send_mail( 'Quote Request: ....', 'Message Body', 'myemail@email.com', ['vendor1@email.com, vendor2@email.com, vendor3@email.co
def quote(request):
if request.method == 'POST':
.
.
.
send_mail(
'Quote Request: ....',
'Message Body',
'myemail@email.com',
['vendor1@email.com, vendor2@email.com, vendor3@email.com]
)
在我的设置中,定义了TLS、主机、用户、密码和端口号:
EMAIL_USE_TLS = True
EMAIL_HOST = 'stmp.office365.com'
EMAIL_HOST_USER = 'myemail@email.com'
EMAIL_HOST_PASSWORD = 'My Plain Text Password That I Want to Encrypt Here!'
EMAIL_PORT = 587
这个过程非常有效,但是我需要加密这个纯文本密码。这样做的最佳方式是什么 我也有同样的问题,我的意思是人们现在总是使用原始密码。。。一个例子;使用函数进行加密并将原始密码返回到新变量,当然人们只需打印该变量即可知道原始密码 但是如果你用eg处理它;表单(在发送电子邮件之前需要输入密码),我认为这是可能的。。。这就是我脑子里想的 Django有一个处理密码的函数,它是 将此编码密码放入您的
设置.py
EMAIL_HOST_PASSWORD = 'pbkdf2_sha256$30000$74DtkZMARQHr$rC3CEdtDnDjRYE5U2ZRiWxuT+HQf3Aq1KTStpypZDV8='
然后,每次您需要发送电子邮件时,您都需要键入您拥有的原始密码,此条件用于检查您的原始密码
下面的脚本是一个如何执行的示例
1<代码>表单.py
from django import forms
class QuoteForm(forms.Form):
subject = forms.CharField(widget=forms.TextInput())
message = forms.CharField(widget=forms.Textarea())
password = forms.CharField(widget=forms.PasswordInput())
....
from django.shortcuts import render, redirect
from django.contrib.auth import hashers
from django.conf import settings
from yourapp.forms import QuoteForm
ENCODED_PASSWORD = settings.EMAIL_HOST_PASSWORD
def quote(request):
template_name = 'yourtemplate.html'
if request.method == 'POST':
form = QuoteForm(request.POST)
if form.is_valid():
subject = form.cleaned_data['subject']
message = form.cleaned_data['message']
# in this section is important,
# so the password only known by it owner.
password = form.cleaned_data['password']
is_matched = hashers.check_password(password, ENCODED_PASSWORD)
if is_matched:
# change default encoded password from the settings,
# with original password from field of `password`.
settings.EMAIL_HOST_PASSWORD = password
send_mail(
subject, message, settings.EMAIL_HOST_USER,
['vendor1@email.com, vendor2@email.com, vendor3@email.com]
)
return redirect('/success/page/')
return redirect('/password-failed/page/')
else:
context = {'form': form, 'errors': form.errors}
return render(request, template_name, context)
else:
form = QuoteForm()
return render(request, template_name, {'form':form})
2<代码>视图.py
from django import forms
class QuoteForm(forms.Form):
subject = forms.CharField(widget=forms.TextInput())
message = forms.CharField(widget=forms.Textarea())
password = forms.CharField(widget=forms.PasswordInput())
....
from django.shortcuts import render, redirect
from django.contrib.auth import hashers
from django.conf import settings
from yourapp.forms import QuoteForm
ENCODED_PASSWORD = settings.EMAIL_HOST_PASSWORD
def quote(request):
template_name = 'yourtemplate.html'
if request.method == 'POST':
form = QuoteForm(request.POST)
if form.is_valid():
subject = form.cleaned_data['subject']
message = form.cleaned_data['message']
# in this section is important,
# so the password only known by it owner.
password = form.cleaned_data['password']
is_matched = hashers.check_password(password, ENCODED_PASSWORD)
if is_matched:
# change default encoded password from the settings,
# with original password from field of `password`.
settings.EMAIL_HOST_PASSWORD = password
send_mail(
subject, message, settings.EMAIL_HOST_USER,
['vendor1@email.com, vendor2@email.com, vendor3@email.com]
)
return redirect('/success/page/')
return redirect('/password-failed/page/')
else:
context = {'form': form, 'errors': form.errors}
return render(request, template_name, context)
else:
form = QuoteForm()
return render(request, template_name, {'form':form})
我不确定这个解决方案是否更好,因为它当然对用户来说很困难
考虑使用环境变量来保持信息的机密性。本指南可帮助您: