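Example code (Python)

    import hashlib

    def hash_data(data):
        # Compute the SHA-256 digest of a UTF-8 string and return it as hex.
        # Note: a bare, unsalted SHA-256 digest is not suitable for storing passwords.
        sha256 = hashlib.sha256()
        sha256.update(data.encode('utf-8'))
        return sha256.hexdigest()

    # Example usage
    data = "Sensitive Data"
    hashed_data = hash_data(data)
    print(f"Hashed Data: {hashed_data}")
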
Data minimization
Transmit only necessary data: Transmit sensitive data only when necessary, to reduce the risk of data leakage.
Store data temporarily: When processing sensitive data, use temporary storage wherever possible and clean it up promptly once processing is complete.
With the detailed analysis and practical guide above, you should now have a deeper understanding of the 红桃视聃 hidden-entry concept and be able to protect sensitive data effectively in real-world development. Whether it is data encryption, data hashing, or data masking, each method has its own use cases, strengths, and weaknesses; only by choosing the appropriate method and applying it according to the specific situation can the goals of data security and privacy protection truly be achieved.
Continuing the in-depth discussion of the code analysis and practical guide for the 红桃视聃 hidden entry, this article explores more hands-on techniques and best practices to help you protect sensitive data effectively in a real development environment.
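Security settings for the development environment
Environment variable management: Sensitive information such as API keys and database passwords should be stored in environment variables rather than hard-coded in the source. A file such as .env can be used to manage these variables, which are then read in code through the dotenv library.

    from dotenv import load_dotenv
    import os

    # Load variables from the .env file into the process environment
    load_dotenv()
    api_key = os.getenv('API_KEY')

Code review: Conduct regular code reviews to make sure no sensitive information is leaked. Tools such as git-secrets can be used to detect sensitive information in code.

    # Install git-secrets (the awslabs tool; for example with Homebrew)
    brew install git-secrets
    # Set up the git-secrets hooks in the repository
    git secrets --install
    # Scan the repository with git-secrets
    git secrets --scan
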
Logging and monitoring
In real-world development, an effective logging and monitoring system helps us detect and respond to security incidents promptly:
Security logging: Record sensitive operations and access logs so that activity can be traced when a security incident occurs.

    import logging

    # Dedicated logger that writes security events to security.log
    logger = logging.getLogger('security')
    logger.setLevel(logging.INFO)
    handler = logging.FileHandler('security.log')
    formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
    handler.setFormatter(formatter)
    logger.addHandler(handler)
    logger.info('User accessed sensitive data')

Real-time monitoring and alerting: Use monitoring tools such as Prometheus and Grafana for real-time monitoring, and configure alerting policies.
What is the hidden-entry setup method
Preparation before the game begins: All players shuffle their own hands, and each player puts a hidden mark on the face of their cards, which ensures that their cards cannot be seen by opponents.
Dealing the cards: Once every player's cards carry hidden marks, the cards are dealt. Each player then has their own set of hidden cards that opponents cannot see.
Starting the game: After the game starts, no player may let opponents see their hand while playing cards, bidding, and so on. This keeps each player's cards concealed throughout the game.
Devising a strategy: During the game, based on your own hand and your opponents' moves, apply the hidden-entry setup method flexibly to devise the best strategy. This includes feinting plays and creating misdirection when needed.
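Data storage security
Database encryption: Use the database's built-in encryption features to store sensitive data encrypted. For example, PostgreSQL supports column-level encryption through the pgcrypto extension.

    -- Column values are protected with functions from the pgcrypto extension
    CREATE EXTENSION IF NOT EXISTS pgcrypto;
    CREATE TABLE users (
        id SERIAL PRIMARY KEY,
        username VARCHAR NOT NULL,
        password TEXT  -- holds pgcrypto output, never plaintext
    );
    -- Passwords are hashed on write with crypt() and a bcrypt salt
    INSERT INTO users (username, password)
    VALUES ('example_user', crypt('example-password', gen_salt('bf')));

Access control: Strictly control access permissions to the database and grant only the privileges that are necessary.

    -- Read-only role: SELECT only
    GRANT SELECT ON users TO read_only_user;
    GRANT ALL PRIVILEGES ON users TO admin_user;
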
Example code (Python)

    def redact_data(data, sensitive_info, replacement=''):
        # sensitive_info is a comma-separated list of values to strip from data.
        # Uses only the standard library.
        for item in sensitive_info.split(','):
            item = item.strip()
            if item:
                data = data.replace(item, replacement)
        return data

    # Example usage
    data = "User ID: 12345, Email: user@example.com"
    redacted_data = redact_data(data, "12345,user@example.com")
    print(f"Redacted Data: {redacted_data}")

Proofread by: 水均益 (f3J1ePQDlzHhwh44q38w4Ima2E3XrDq)



