On 29/11/06, Jacob Kaplan-Moss <[EMAIL PROTECTED]> wrote:
>
> On 11/29/06 12:50 PM, Clint74 wrote:
> > I need to send the password to the user(email), but how recover the raw
> > password once the database stores in this format:
>
> You can't; that's the point of hashing it. The right (read: secure) way to
> deal with this is to *reset* the user's password (usually to something random,
> which they then can change when they log in) rather than sending their
> password in plaintext.

The 'right' way of securing an application is very much dependent on the application itself and the function it is trying to perform. Storing password hashes is a way to mitigate the risks associated with someone gaining access to the database. There may be cases where this is not appropriate. For example, if the application is only used by a few trusted users whose passwords are used to encrypt data then password resetting is a very bad idea. If you're setting up your own online bank and using third-party hosting for your database servers then yes, maybe you should hash your users' passwords.

Just a thought.

Felix
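
The reset-instead-of-recover flow described in the quoted reply, as an added example that is not part of the original thread and is not Django's own code. The storage format, the `user` dictionary, the iteration count and all function names are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this sketch


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt$digest' (constructed format)."""
    salt = salt or secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), iterations
    )
    encoded = base64.b64encode(digest).decode()
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, encoded)


def check_password(password, stored):
    """Re-derive the digest with the stored salt; compare in constant time."""
    _algo, iterations, salt, _digest = stored.split("$")
    candidate = hash_password(password, salt, int(iterations))
    return hmac.compare_digest(candidate, stored)


def reset_password(user):
    """Replace the stored hash with one for a random temporary password.

    The temporary password is returned once so the caller can deliver it;
    the user record only ever holds the hash, so nothing can be recovered
    from the database afterwards.
    """
    temporary = secrets.token_urlsafe(12)
    user["password"] = hash_password(temporary)
    user["must_change_password"] = True  # force a change at next login
    return temporary


def change_password(user, current, new):
    """Set a new password after the user proves knowledge of the current one."""
    if not check_password(current, user["password"]):
        return False
    user["password"] = hash_password(new)
    user["must_change_password"] = False
    return True
```
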