+1 bazillion

On Sep 5, 8:13 pm, Nick Johnson <nickjohn...@google.com> wrote:
> 2011/9/6 saintthor <saintt...@gmail.com>
>
> > A hash is enough for me. My site is not an e-bank.
>
> This should not matter. If your password database is compromised, the risk
> is not yours, it's your users'. Many users reuse passwords between sites,
> and if your site provides an easy avenue to determining what those passwords
> are, your users are vulnerable elsewhere, on better secured sites.
>
> There is no good reason not to use a proper salting and password stretching
> scheme; "my site is not important enough" is not an excuse.
>
> -Nick Johnson
>
> > On Sep 5, 3:58 pm, Nick Johnson <nickjohn...@google.com> wrote:
> > > On Mon, Sep 5, 2011 at 4:42 PM, saintthor <saintt...@gmail.com> wrote:
> > > > The password was hashed.
>
> > > > I think querying name and password together may take fewer db ops if the
> > > > password is wrong, doesn't it?
>
> > > The number of operations is the same; fewer entities would be returned. In
> > > return, though, you're incurring an extra index entry for every record. You
> > > _should_ be salting your passwords (and preferably using RCrypt, SCrypt or
> > > PBKDF2), though, in which case you can't do an index lookup for the password
> > > anyway.
>
> > > -Nick Johnson
>
> > > > On Sep 5, 1:43 pm, Nick Johnson <nickjohn...@google.com> wrote:
> > > > > Also, you don't need to index the password field - just fetch the user, then
> > > > > check the password. I sincerely hope you're not storing the password in the
> > > > > clear, though!
>
> > > > > -Nick
>
> > > > > On Mon, Sep 5, 2011 at 3:02 PM, Simon Knott <knott.si...@gmail.com> wrote:
> > > > > > Hi,
>
> > > > > > You need to retrieve all objects that were written in this period out of
> > > > > > the datastore and re-put them - single-property indexes are only written on
> > > > > > putting the entity.  If you can't work out which entities were written in
> > > > > > this period, then you will need to retrieve all entities and re-put them.
>
> > > > > > It should be noted that query indexes, which use these single-property
> > > > > > indexes in the background, are re-generated on deployment.
>
> > > > > > Cheers,
> > > > > > Simon
>
> > > > > > --
> > > > > > You received this message because you are subscribed to the Google Groups
> > > > > > "Google App Engine" group.
> > > > > > To view this discussion on the web visit
> > > > > > https://groups.google.com/d/msg/google-appengine/-/VYJDjjca21MJ.
>
> > > > > > To post to this group, send email to google-appengine@googlegroups.com.
> > > > > > To unsubscribe from this group, send email to
> > > > > > google-appengine+unsubscr...@googlegroups.com.
> > > > > > For more options, visit this group at
> > > > > > http://groups.google.com/group/google-appengine?hl=en.
>
> > > > > --
> > > > > Nick Johnson, Developer Programs Engineer, App Engine
>
> > > --
> > > Nick Johnson, Developer Programs Engineer, App Engine
>
> --
> Nick Johnson, Developer Programs Engineer, App Engine
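
An added example (not code from this thread or from App Engine) of the flow described in the quoted replies: fetch the user by name only, then verify a salted, stretched password with PBKDF2. The `USERS` dict stands in for a datastore lookup; the function names, sample accounts and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # illustrative work factor (assumption); tune for your hardware
SALT_BYTES = 16

USERS = {}  # constructed stand-in for the datastore, keyed by user name


def _derive(password, salt, iterations):
    # Password stretching: PBKDF2-HMAC-SHA256 over the password and per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(name, password):
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    USERS[name] = {
        "salt": salt,
        "iterations": ITERATIONS,
        "hash": _derive(password, salt, ITERATIONS),
    }


# Dummy record so an unknown user name costs the same work as a known one.
_DUMMY_SALT = os.urandom(SALT_BYTES)
_DUMMY = {
    "salt": _DUMMY_SALT,
    "iterations": ITERATIONS,
    "hash": _derive("not a real password", _DUMMY_SALT, ITERATIONS),
}


def check_login(name, password):
    # Step 1: fetch by name only; the password is never part of the query,
    # so the password field needs no index.
    record = USERS.get(name)
    found = record is not None
    if not found:
        record = _DUMMY
    # Step 2: re-derive with the stored salt and compare in constant time.
    candidate = _derive(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"]) and found


# Constructed sample accounts: same password, different salts.
register("alice", "correct horse")
register("bob", "correct horse")
```

Because each record carries its own salt, two users with the same password store different hashes, which is why an equality query on the password field cannot work.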
