2011/9/6 saintthor <saintt...@gmail.com>

> hash is enough for me. my site is not an e-bank.
>

This should not matter. If your password database is compromised, the risk
is not yours, it's your users'. Many users reuse passwords between sites,
and if your site provides an easy avenue to determining what those passwords
are, your users are vulnerable elsewhere, on better secured sites.

There is no good reason not to use a proper salting and password stretching
scheme; "my site is not important enough" is not an excuse.

-Nick Johnson


> On Sep 5, 3:58 PM, Nick Johnson <nickjohn...@google.com> wrote:
> > On Mon, Sep 5, 2011 at 4:42 PM, saintthor <saintt...@gmail.com> wrote:
> > > the password was hashed.
> >
> > > i think to query name and password together may take less db ops if
> > > password is wrong. isn't it?
> >
> > The number of operations is the same; fewer entities would be returned. In
> > return, though, you're incurring an extra index entry for every record. You
> > _should_ be salting your passwords (and preferably using RCrypt, SCrypt or
> > PBKDF2), though, in which case you can't do an index lookup for the password
> > anyway.
> >
> > -Nick Johnson
> >
> > > On Sep 5, 1:43 PM, Nick Johnson <nickjohn...@google.com> wrote:
> > > > Also, you don't need to index the password field - just fetch the user, then
> > > > check the password. I sincerely hope you're not storing the password in the
> > > > clear, though!
> >
> > > > -Nick
> >
> > > > On Mon, Sep 5, 2011 at 3:02 PM, Simon Knott <knott.si...@gmail.com> wrote:
> > > > > Hi,
> >
> > > > > You need to retrieve all objects that were written in this period out of
> > > > > the datastore and re-put them - single-property indexes are only written on
> > > > > putting the entity.  If you can't work out which entities were written in
> > > > > this period, then you will need to retrieve all entities and re-put them.
> >
> > > > > It should be noted that query indexes, which use these single-property
> > > > > indexes in the background, are re-generated on deployment.
> >
> > > > > Cheers,
> > > > > Simon
> >
> > > > > --
> > > > > You received this message because you are subscribed to the Google
> > > Groups
> > > > > "Google App Engine" group.
> > > > > To view this discussion on the web visit
> > > > >https://groups.google.com/d/msg/google-appengine/-/VYJDjjca21MJ.
> >
> > > > > To post to this group, send email to
> google-appengine@googlegroups.com
> > > .
> > > > > To unsubscribe from this group, send email to
> > > > > google-appengine+unsubscr...@googlegroups.com.
> > > > > For more options, visit this group at
> > > > >http://groups.google.com/group/google-appengine?hl=en.
> >
> > > > --
> > > > Nick Johnson, Developer Programs Engineer, App Engine
> >
> >
> > --
> > Nick Johnson, Developer Programs Engineer, App Engine
>


-- 
Nick Johnson, Developer Programs Engineer, App Engine
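
An added example, not part of the original message or any App Engine code: the scheme recommended above (a per-user salt plus PBKDF2 stretching), with login done by fetching the user by name and then checking the password. The `USERS` dict standing in for the datastore, the function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor; tune to your hardware
SALT_BYTES = 16

# Stand-in for the datastore: the user name is the key, the password is not indexed.
USERS = {}


def _stretch(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(name, password):
    """Store a fresh random salt, the iteration count and the derived key."""
    salt = os.urandom(SALT_BYTES)
    USERS[name] = {
        "salt": salt,
        "iterations": ITERATIONS,
        "hash": _stretch(password, salt, ITERATIONS),
    }


def authenticate(name, password):
    """Fetch the user by name only, then check the password in application code."""
    record = USERS.get(name)
    if record is None:
        # Spend the same work for unknown names so timing does not reveal them.
        _stretch(password, b"\x00" * SALT_BYTES, ITERATIONS)
        return False
    candidate = _stretch(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def lookup_by_password_hash(password):
    """An equality query on the password needs one value computable from the
    password alone. With per-user salts no such value exists, so this matches
    nothing; the key must be derived per record, as authenticate() does."""
    unsalted = hashlib.sha256(password.encode("utf-8")).digest()
    return [n for n, r in USERS.items() if r["hash"] == unsalted]


if __name__ == "__main__":
    register("alice", "correct horse")      # constructed sample accounts
    register("bob", "correct horse")
    print(authenticate("alice", "correct horse"), authenticate("alice", "wrong"))
    print(lookup_by_password_hash("correct horse"))
```

Two accounts registered with the same password end up with different stored values, which is why the password field cannot serve as a query filter.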
