If I'm not wrong, you *should not* be storing the user's password on your database. All you need to store is the API key, and it's useless if stolen because most webservices generate the key to match your host/ domain.
The process to get an API key is, generally, 1-2-3, so you just pass around requests and there's no need to store a password. On 1 mar, 19:56, Chris <macmichae...@gmail.com> wrote: > Hello, > > When working with photo API's such as twitpic, what is the best way of > storing the password? > Since the password needs to be sent in its natural form, hashing is > not an option. I read recently heard that a company was held > accountable (sued) for not encrypting their user's API passwords and > would rather be safe than sorry. I haven't been able to find an > effective way of doing so. Also I am using Postgres as my DB. > > Any suggestions? > > Thanks in advance. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
