
I have some APIs (django-rest-framework) which do basic authentication (Base64). On one client box, there is a cron job, which sends requests to APIs.

Now, I hardcoded the base64 encrypted username and password on the disk. I know it is not secure. But how to improve it? Can I use another algorithm instead of base64?

Thanks

UPDATE

Token authentication involves a key too. So, we need to store the key somewhere for the cron job. I am trying to solve the problem of hard-coding the key somewhere for the cron job. If the hardcode cannot be avoided, I prefer a stronger encryption algorithm. So, I am thinking about a strong encryption algorithm to encrypt the password and username and storing them somewhere.

Any comments welcomed. Thanks.

BAE
  • You can use token authentication - this will be much more secure - http://cheng.logdown.com/posts/2015/10/27/how-to-use-django-rest-frameworks-token-based-authentication – dmitryro Jul 12 '16 at 20:36
  • @dmitryro Thanks. Token authentication involves a key too. So, we need to store the key somewhere for the cron job. I am trying to solve the problem of hard-coding the key somewhere for the cron job. If the hardcode cannot be avoided, I prefer a stronger encryption algorithm. So, I am thinking about a strong encryption algorithm to encrypt the password and username and storing them somewhere. – BAE Jul 13 '16 at 14:16
  • But anything that is hashed or salted will not be readable and will be useless for outsiders - so once you have a way to decrypt your encrypted data from either file or database you're safe. If not MD5 or Django password encryption - there are many ways to achieve this. – dmitryro Jul 13 '16 at 15:46
  • If you're running your cronjob on an AWS EC2 instance you could store the username and password in an encrypted document on S3 and give the instance implicit permission to download the document via an [instance IAM role](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) – Bill Brower Jul 13 '16 at 15:55
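
An added example, not code from any poster in this thread: one way for the cron job to use the token authentication suggested in the comments while keeping the key out of the script, by reading it from a file that only the job's user can access and refusing to run if the permissions are looser. The function names, file name, URL and token are constructed for illustration; the `Authorization: Token <key>` header is the format django-rest-framework's `TokenAuthentication` expects.

```python
import os
import stat
import tempfile
import urllib.request

def load_token(path):
    """Read an API token from a file only the cron user can access."""
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        st = os.fstat(fd)  # check the opened file itself, not the path (avoids a race)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: not owned by the user running the job")
        if st.st_mode & 0o077:
            raise PermissionError(f"{path}: group/other access bits set; expected 0600")
        token = os.read(fd, 4096).decode("ascii").strip()
    finally:
        os.close(fd)
    if not token:
        raise ValueError(f"{path}: empty token file")
    return token

def build_request(url, token):
    """Build (not send) a request carrying DRF's TokenAuthentication header."""
    if not url.startswith("https://"):
        raise ValueError("refusing to send a token over a non-TLS URL")
    return urllib.request.Request(url, headers={"Authorization": f"Token {token}"})

def demo():
    # Constructed sample token and URL (assumptions, not values from the thread).
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "api_token")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.write(fd, b"constructed-sample-token-0000\n")
        os.close(fd)
        req = build_request("https://api.example.invalid/v1/jobs/", load_token(path))
        os.chmod(path, 0o644)  # simulate a secret readable by other local users
        try:
            load_token(path)
            rejected = False
        except PermissionError:
            rejected = True
        return req.get_header("Authorization"), rejected

if __name__ == "__main__":
    print(demo())
```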

0 Answers