Hardcoding Password in db_connect.py

[Fretless14]

Hi Grant,

I'm a little confused why you have the password hardcoded in the db_connect file (the ******** in the input of the function). Doesn't this defeat the purpose of hashing the master password and verifying the password input if it's directly in the connection function? Just trying to learn how to build this password manager/how it works as I'm a beginner as well :) Currently building my own PW manager for a small app I'm making.

Just concerned if somehow someone could just directly use this 'connect' function? Should we save the password input in a variable and format the string with the password?

Appreciate it!
-Michael

[Fretless14]

Also curious as to why this is in a separate py file? For security or organization or just happened like that? haha thanks!

[alexandre-lavoie]

Not Grant, but having credentials to the DB is "safe". The passwords are encrypted therefore the only way for someone to read them is if they manage to get the master password, which theoretically is not be possible. If you are concerned of leaking the DB credentials on a source manager (like GitHub), you should use a config file that is ignored by the .gitignore. For what comes of separate py files, mostly seems like an organisation choice, but could also be a security choice if there was a .gitignore involved.