python - Is it secure to authenticate with GitHub using requests with my username and a token generated in GitHub?
Problem description
I am trying to use the GitHub API to get repository information as JSON. To do this, I use the "requests" library. I want to authenticate with my account to get the rate limit of 5000 requests instead of the 60 available without authentication. The problem is that I am not sure whether this solution is secure.
I am using this solution, but I want to know whether it is a good way to make the requests or whether there is a better way.
```python
import requests

url_repository = 'https://api.github.com/repos/XXXXX/YYYYY'
resp = requests.get(url=url_repository, auth=('username', 'token'))
data = resp.json()
```
I expected a secure solution.
Solution
First, always make sure that the communication is made over HTTPS so the information will be encrypted between you and the server. The requests module operates according to the URL you specify.
Second, storing credentials in plain text in the code is almost never a good idea. I would suggest using the built-in getpass module.
This module allows you to input the token without echoing it back to the terminal emulator or storing it inside your code.
This does require you to enter your token every time you run your script, but that is a compromise you have to make if you wish to go for a more secure solution.
Example Code
```python
import getpass

import requests

url_repository = 'https://api.github.com/repos/XXXXX/YYYYY'
username = getpass.getuser()  # local OS login name
token = getpass.getpass('Token: ')  # prompt without echoing the input
resp = requests.get(url=url_repository, auth=(username, token))
data = resp.json()
```
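The two points of the answer, HTTPS only and no token in the source, can be enforced in code rather than by convention. The sketch below is an added example, not part of the original answer, and it goes one step further by confirming from GitHub's `X-RateLimit-Limit` response header that the request really was treated as authenticated. The environment variable name `GITHUB_TOKEN` and all helper names are assumptions made for illustration.

```python
import getpass
import os
from urllib.parse import urlsplit

API_HOST = "api.github.com"
TOKEN_ENV = "GITHUB_TOKEN"  # assumed variable name, not from the original post


def require_https(url, host=API_HOST):
    """Return url unchanged, or raise if the token would travel in clear
    text or to a host other than the expected API host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("refusing to send credentials over %r" % parts.scheme)
    if parts.hostname != host:
        raise ValueError("unexpected host %r" % parts.hostname)
    return url


def load_token(environ=os.environ, prompt=getpass.getpass):
    """Take the token from the environment, else prompt without echo."""
    token = (environ.get(TOKEN_ENV) or "").strip()
    if not token:
        token = prompt("Token: ").strip()
    if not token:
        raise ValueError("no token supplied")
    return token


def rate_limit_is_authenticated(headers, anonymous_limit=60):
    """True if the response reports a limit above the anonymous one."""
    try:
        return int(headers.get("X-RateLimit-Limit", "0")) > anonymous_limit
    except ValueError:
        return False


def fetch_repo(url, username):
    import requests  # imported here so the helpers above work without it
    resp = requests.get(require_https(url), auth=(username, load_token()),
                        timeout=10)
    resp.raise_for_status()
    if not rate_limit_is_authenticated(resp.headers):
        raise RuntimeError("request was not treated as authenticated")
    return resp.json()
```

Setting the variable in the shell session or a secrets manager removes the need to retype the token on every run, while the prompt remains as a fallback.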