On Thu, Sep 19, 2013 at 12:49 PM, Sivaram R <[email protected]> wrote:
> Karkar, > > I am not getting your point.I am using django default user model,my > requirement is,after the user successfully login,their is a page called > update user profile,their i am showing first name,last name,email are in > update mode but password is showing the hashed value and not the original > value entered.How to decrypt that hashed value to original value. > > You don't. Ever. That's the whole point of a hashed password. You don't store the password - you store a one way hash of the password. Any authentication system that allows you to retrieve the original password is, by very definition, broken. Any website using such a authentication system is waiting to be exploited. And we have *plenty* of examples of sites that have been broken in this way. Django's user authentication system uses a one way hashing function (PBKDF2 by default, but other options exist). You *cannot* retrieve the original password from the hash. This is a *deliberate* feature, and *will not* be changed. Yours, Russ Magee %-) -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. For more options, visit https://groups.google.com/groups/opt_out.
