subject:"Re\: Hashed, salted mysql password in settings.py, reccomendation to protect information"

Re: Hashed, salted mysql password in settings.py, reccomendation to protect information

2009-12-21 Thread fruity


Sorry again, even better:

http://code.djangoproject.com/wiki/SplitSettings

fruity wrote:
> Thank you very much.
> 
> After a while of searching on django-snippets there was the answer :)
> 
> http://www.djangosnippets.org/snippets/94/
> 
> Brice Leroy wrote:
>> Easy,
>>   put your password in a settings_secret.py file, do not import this
>> file on your repository. Add:
>> from settings_secret import mysql_password
>> ...
>> you're set :)
>>
>> Brice
>>
>> 2009/12/21 fruity :
>>> Hello,
>>>
>>> I'd like to protect the mysql password that is in settings.py
>>>
>>> I read in the django docs that is possible to use SHA1 hashes as
>>> password for mysql and I've tried using mysql to salt and hash the
>>> password but still if I would have my project on a public svn|git
>>> repository anyone could just read sha1$salt$hash and reverse it.
>>>
>>> Is there any common practice to protect this password? For example to
>>> have it into an external file sources by the settings.py and use a svn
>>> or git ignore on it?
>>>
>>> Also, how do you generate the hash?  via mysql? slappasswd? cracklibs?
>>> And how do you escape weird chars in the salt?
>>>
>>> I've tried to add sha1$mysaltnoweirdchars$hash and it gives me error on
>>> django release 1.1
>>>
>>> Thank you very much for your time.
>>>
>>> fruity
>>>
>>> --
>>>
>>> You received this message because you are subscribed to the Google Groups 
>>> "Django users" group.
>>> To post to this group, send email to django-us...@googlegroups.com.
>>> To unsubscribe from this group, send email to 
>>> django-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at 
>>> http://groups.google.com/group/django-users?hl=en.
>>>
>>>
>>>
>> --
>>
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To post to this group, send email to django-us...@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> django-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/django-users?hl=en.
> 
> --
> 
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Hashed, salted mysql password in settings.py, reccomendation to protect information

2009-12-21 Thread fruity

Thank you very much.

After a while of searching on django-snippets there was the answer :)

http://www.djangosnippets.org/snippets/94/

Brice Leroy wrote:
> Easy,
>   put your password in a settings_secret.py file, do not import this
> file on your repository. Add:
> from settings_secret import mysql_password
> ...
> you're set :)
> 
> Brice
> 
> 2009/12/21 fruity :
>> Hello,
>>
>> I'd like to protect the mysql password that is in settings.py
>>
>> I read in the django docs that is possible to use SHA1 hashes as
>> password for mysql and I've tried using mysql to salt and hash the
>> password but still if I would have my project on a public svn|git
>> repository anyone could just read sha1$salt$hash and reverse it.
>>
>> Is there any common practice to protect this password? For example to
>> have it into an external file sources by the settings.py and use a svn
>> or git ignore on it?
>>
>> Also, how do you generate the hash?  via mysql? slappasswd? cracklibs?
>> And how do you escape weird chars in the salt?
>>
>> I've tried to add sha1$mysaltnoweirdchars$hash and it gives me error on
>> django release 1.1
>>
>> Thank you very much for your time.
>>
>> fruity
>>
>> --
>>
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To post to this group, send email to django-us...@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> django-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/django-users?hl=en.
>>
>>
>>
> 
> --
> 
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Hashed, salted mysql password in settings.py, reccomendation to protect information

2009-12-21 Thread Brice Leroy

Easy,
  put your password in a settings_secret.py file, do not import this
file on your repository. Add:
from settings_secret import mysql_password
...
you're set :)

Brice

2009/12/21 fruity :
> Hello,
>
> I'd like to protect the mysql password that is in settings.py
>
> I read in the django docs that is possible to use SHA1 hashes as
> password for mysql and I've tried using mysql to salt and hash the
> password but still if I would have my project on a public svn|git
> repository anyone could just read sha1$salt$hash and reverse it.
>
> Is there any common practice to protect this password? For example to
> have it into an external file sources by the settings.py and use a svn
> or git ignore on it?
>
> Also, how do you generate the hash?  via mysql? slappasswd? cracklibs?
> And how do you escape weird chars in the salt?
>
> I've tried to add sha1$mysaltnoweirdchars$hash and it gives me error on
> django release 1.1
>
> Thank you very much for your time.
>
> fruity
>
> --
>
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.
>
>
>

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Hashed, salted mysql password in settings.py, reccomendation to protect information

Re: Hashed, salted mysql password in settings.py, reccomendation to protect information

Re: Hashed, salted mysql password in settings.py, reccomendation to protect information

3 matches

Site Navigation

Mail list logo

Footer information