Course: R for Data Science: Lunch Break Lessons

Passwords

- [Instructor] Okay, what's wrong with this code? In line two, I've created a vector and stored my password in it. In line four, I log into my bank account with that password. What's wrong? Well, the next time that I save this code, oh, to, say, GitHub, or to a public repository, or publish it as part of a package, or put it up on an online course someplace, everyone is going to know my password. So let's take a minute and find out how you can safely write code that requires passwords for things like getting into APIs or logging in to secure accounts.

Here's what you should do. And there's a couple of ways to do this. First, I'm going to file.edit and this is a standard file that I'm going to use, file.path. The file is located in my home directory and it's called .Renviron. Now I've got a file that I can edit; it's blank up here, and in here I'm going to put, we'll put R_myPassword equals quote something secret. And if I hit save, I've saved .Renviron and now when I restart R, I can use the sys dot get environment and I call up R_myPassword. And in return what I get is the password that I've stored in the R environment file. Now the advantage here is that R environment is stored on my local hard drive and it will not be copied up to GitHub or to a public repository. So even though somebody sees me using sys dot get environment R_myPassword, they won't know what my password actually is.

There's another way to do this and let's take a look at that. I can use the key ring located on my local system and the advantage here is that it's encrypted. It's not just available in an open file. So what I'll do is I'll install a package and the package is called keyring. And then I use library, just like I'd use library on any other package, keyring. And now I can use the operating system keyring. The keychain on macOS, Linux requires the libsecret library. So let's go ahead and clear up our screen and see how that works.

I use the key_set and I'll give it a myPassword and when I hit return, I get a dialog asking me what that password might be and I'll type in my password here. And I hit OK. Now that's just been stored in my keyring and that's again encrypted. So I can't just search around for open text files and find it. To get that password back, what I'll use is key_get and then the name that I'm looking for, myPassword, and when I hit return, I get password 123 which was my password that I set with key_set. So again, this is an advantage because it's encrypted on my system and it's not laying around in an open text file.

There are a number of other ways to do this. If you're using a current version of RStudio and you're using the preview version, there are RStudio API commands that you could use to store passwords, or you could potentially store it into an open file and then source it. Personally, I prefer the keyring package since it does use it encrypted. But whatever you do, don't save your passwords out in open text source files. They're bound to be found and GitHub will certainly be a place where people will look for those kind of passwords.
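
The two lookups described in the lesson above, combined into one helper, together with a check for the hard-coded pattern the lesson warns about. This is an added example, not code from the course: `get_secret()` and `find_hardcoded_secrets()` are hypothetical names, and the sample script and demo value are constructed.

```r
# Added example (not from the lesson). "R_myPassword" and "myPassword" follow
# the lesson; get_secret() and find_hardcoded_secrets() are hypothetical helpers.

# Look up a credential without ever writing it in the script:
# 1) environment variable loaded from ~/.Renviron, 2) OS keyring, 3) stop.
get_secret <- function(name) {
  value <- Sys.getenv(name, unset = NA_character_)
  if (!is.na(value) && nzchar(value)) return(value)
  if (requireNamespace("keyring", quietly = TRUE)) {
    # key_get() raises an error when no entry exists; treat that as "not found"
    value <- tryCatch(keyring::key_get(name), error = function(e) NA_character_)
    if (!is.na(value) && nzchar(value)) return(value)
  }
  # Fail closed rather than continuing with an empty password
  stop("No secret named '", name, "' in the environment or keyring", call. = FALSE)
}

# Flag lines that assign a quoted literal to a password-like name, so a
# script can be checked before it is committed or published.
find_hardcoded_secrets <- function(lines) {
  pattern <- "(password|passwd|secret|token|api_?key)[A-Za-z0-9._]*\\s*(<-|=)\\s*[\"'][^\"']+[\"']"
  hits <- grep(pattern, lines, ignore.case = TRUE, perl = TRUE)
  data.frame(line = hits, text = trimws(lines[hits]), stringsAsFactors = FALSE)
}

# Constructed sample script: line 1 is the mistake the lesson opens with,
# lines 2 and 3 are the two safer lookups it recommends.
sample_script <- c(
  'myPassword <- "password123"',
  'pw <- Sys.getenv("R_myPassword")',
  'pw <- keyring::key_get("myPassword")'
)
findings <- find_hardcoded_secrets(sample_script)
print(findings)
stopifnot(nrow(findings) == 1, findings$line == 1)

# Constructed demo value, set for this session only; in practice it comes
# from ~/.Renviron, which stays out of the repository.
Sys.setenv(R_myPassword = "constructed-demo-value")
pw <- get_secret("R_myPassword")
stopifnot(identical(pw, "constructed-demo-value"))
```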
