Re: How to generate secure passwords
thanx On Wed, May 30, 2012 at 5:16 PM, Bill Freeman wrote: > On Wed, May 30, 2012 at 8:17 AM, Jani Tiainen wrote: > > 30.5.2012 9:03, Emily Namugaanyi kirjoitti: > > > >> Hi Django users, > >> > >> I am working on a project that as to generate secure passwords > >> (passwords that cannot be hacked) every time a user register and the > >> password lasts for a period of time. S,here I am wondering whether > >> django has a provision for this or I need to find another way... > >> Thank you for your time > >> > >> Emily. > >> > > > > Sounds like your problem is not about generatic "secure passwords". But > > instead you need to build secure authorization behind that. > > > > So you have to build a system that checks is given username + password to > > protected content combination already expired. If that's the case, no > access > > is granted to protected content. > > > > Then password wouldn't contain any information about it's validity. Only > > validity checks happens on your side of system - in your code, on your > > server. > > > > -- > > Jani Tiainen > > > > - Well planned is half done and a half done has been sufficient before... > > django.contrib.auth.models.User has support for being tied to a > "profile" model of your design. You can include an expiration date > field (or several, if the user separately pays for different areas of > the site) in this model. While you might allow the user to edit other > fields in his profile, you do not permit him to change these fields. > Instead they are set by you payment system. The user then identifies > himself with a standard django username and passowrd, and the > controlled page views check the (appropriate to the section) > expiration date. This seems better to me than changing the password > at renewal. > > Bill > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to generate secure passwords
On Wed, May 30, 2012 at 8:17 AM, Jani Tiainen wrote: > 30.5.2012 9:03, Emily Namugaanyi kirjoitti: > >> Hi Django users, >> >> I am working on a project that as to generate secure passwords >> (passwords that cannot be hacked) every time a user register and the >> password lasts for a period of time. S,here I am wondering whether >> django has a provision for this or I need to find another way... >> Thank you for your time >> >> Emily. >> > > Sounds like your problem is not about generatic "secure passwords". But > instead you need to build secure authorization behind that. > > So you have to build a system that checks is given username + password to > protected content combination already expired. If that's the case, no access > is granted to protected content. > > Then password wouldn't contain any information about it's validity. Only > validity checks happens on your side of system - in your code, on your > server. > > -- > Jani Tiainen > > - Well planned is half done and a half done has been sufficient before... django.contrib.auth.models.User has support for being tied to a "profile" model of your design. You can include an expiration date field (or several, if the user separately pays for different areas of the site) in this model. While you might allow the user to edit other fields in his profile, you do not permit him to change these fields. Instead they are set by you payment system. The user then identifies himself with a standard django username and passowrd, and the controlled page views check the (appropriate to the section) expiration date. This seems better to me than changing the password at renewal. Bill -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to generate secure passwords
30.5.2012 9:03, Emily Namugaanyi kirjoitti: Hi Django users, I am working on a project that as to generate secure passwords (passwords that cannot be hacked) every time a user register and the password lasts for a period of time. S,here I am wondering whether django has a provision for this or I need to find another way... Thank you for your time Emily. Sounds like your problem is not about generatic "secure passwords". But instead you need to build secure authorization behind that. So you have to build a system that checks is given username + password to protected content combination already expired. If that's the case, no access is granted to protected content. Then password wouldn't contain any information about it's validity. Only validity checks happens on your side of system - in your code, on your server. -- Jani Tiainen - Well planned is half done and a half done has been sufficient before... -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to generate secure passwords
Like QR codes but those that can expire... Emily On Wed, May 30, 2012 at 11:18 AM, Emily wrote: > I want to sell passwords to users. If I can generate passwords > for them that can last for a specific period of time (the time they > have paid for) this would be good. > > If the user generates there own I cannot restrict them from viewing > certain content don't want them to view... > > My problem is that a user has to pay some money to view content on > my page for a certain period of time and this looks like a good way; a > password that can expire... When it expires, they have to buy another > pass word. > > Emily > > > On Wed, May 30, 2012 at 9:51 AM, wrote: > >> Hi, >> Are you trying to create passwords on behalf of users? This is usually >> a bad idea. >> >> If I got your message wrong and you talk about secure password hashes, >> is there something specific you did not like about the current Django auth >> system? >> >> Or maybe you are interested in password complexity requirements? It's >> really difficult to guess. Please describe the problem you're trying to >> solve a bit better. >> >> Cheers >> >>Jirka >> >> >> -Original Message- >> From: Emily Namugaanyi >> Sender: django-users@googlegroups.com >> Date: Tue, 29 May 2012 23:03:39 >> To: Django users >> Reply-To: django-users@googlegroups.com >> Subject: How to generate secure passwords >> >> Hi Django users, >> >> I am working on a project that as to generate secure passwords >> (passwords that cannot be hacked) every time a user register and the >> password lasts for a period of time. S,here I am wondering whether >> django has a provision for this or I need to find another way... >> Thank you for your time >> >> Emily. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To post to this group, send email to django-users@googlegroups.com. >> To unsubscribe from this group, send email to >> django-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/django-users?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To post to this group, send email to django-users@googlegroups.com. >> To unsubscribe from this group, send email to >> django-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/django-users?hl=en. >> >> > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to generate secure passwords
I want to sell passwords to users. If I can generate passwords for them that can last for a specific period of time (the time they have paid for) this would be good. If the user generates there own I cannot restrict them from viewing certain content don't want them to view... My problem is that a user has to pay some money to view content on my page for a certain period of time and this looks like a good way; a password that can expire... When it expires, they have to buy another pass word. Emily On Wed, May 30, 2012 at 9:51 AM, wrote: > Hi, > Are you trying to create passwords on behalf of users? This is usually a > bad idea. > > If I got your message wrong and you talk about secure password hashes, is > there something specific you did not like about the current Django auth > system? > > Or maybe you are interested in password complexity requirements? It's > really difficult to guess. Please describe the problem you're trying to > solve a bit better. > > Cheers > >Jirka > > > -Original Message- > From: Emily Namugaanyi > Sender: django-users@googlegroups.com > Date: Tue, 29 May 2012 23:03:39 > To: Django users > Reply-To: django-users@googlegroups.com > Subject: How to generate secure passwords > > Hi Django users, > > I am working on a project that as to generate secure passwords > (passwords that cannot be hacked) every time a user register and the > password lasts for a period of time. S,here I am wondering whether > django has a provision for this or I need to find another way... > Thank you for your time > > Emily. > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: How to generate secure passwords
Hi, Are you trying to create passwords on behalf of users? This is usually a bad idea. If I got your message wrong and you talk about secure password hashes, is there something specific you did not like about the current Django auth system? Or maybe you are interested in password complexity requirements? It's really difficult to guess. Please describe the problem you're trying to solve a bit better. Cheers Jirka -Original Message- From: Emily Namugaanyi Sender: django-users@googlegroups.com Date: Tue, 29 May 2012 23:03:39 To: Django users Reply-To: django-users@googlegroups.com Subject: How to generate secure passwords Hi Django users, I am working on a project that as to generate secure passwords (passwords that cannot be hacked) every time a user register and the password lasts for a period of time. S,here I am wondering whether django has a provision for this or I need to find another way... Thank you for your time Emily. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
How to generate secure passwords
Hi Django users, I am working on a project that as to generate secure passwords (passwords that cannot be hacked) every time a user register and the password lasts for a period of time. S,here I am wondering whether django has a provision for this or I need to find another way... Thank you for your time Emily. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.