Re: Storing credentials in the DB

2019-08-14 Thread Lance Haig 

Thanks for the response,

Thanks for the tips I will investigate this.


Regards

Lance


On 12.08.19 15:23, Sundararajan Seshadri wrote:
If I understand is right, user stores the credentials in a database, 
say A and another application, probably using a different database B 
wants to use the credentials from A.


Right?

There is no problem at all, except you need to:

(a) write your own hook for validating the password in the application 
using the database B, but will access the credentials in A. Either you 
can define A in django itself or through plain Python itself, you can 
access it.


(b) Note that the password will be (and should be) stored encrypted 
and 'normally' you will be in no position to 'decode' the original 
password. Whatever password is entered while using the application 
will be subject to same encryption and the result will be compared 
with what is in the database for allowing the login. Hopefully this 
mechanism is still OK for you.


Cheers.

=

On Sunday, August 11, 2019 at 7:01:26 PM UTC+5:30, Lance Haig wrote:

Hi,

I want to allow users to add credentials to th site that allow us to
pull details ffrom anothr site into our environment.

This will mean that their credentials will need to be useable by a
regular process that will fetch the data but it is stored securely.

I was thinking about using the same storage mechanisim for the
passwords
that django offers but I am not sure how one would then allow a
process
in the application to use those credentials to aces the otehr site.

Does anyone have a suggestion on how to accomplish this?

Regards

Lance


--
You received this message because you are subscribed to the Google 
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to django-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/6c1ab523-b622-44b6-9e65-d2731ed05df1%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/8721c386-85b7-2134-fd67-ee87b7264f4b%40gmail.com.

Re: Storing credentials in the DB

2019-08-12 Thread Jani Tiainen 
Unfortunately storing password in db has a fundamental flaw. To be able to
use to access any remote source it has to be in usable form. Wether
digested or plain text form it doesn't matter since at the moment you use
it to login other resource it is in plain format (whatever format that is).


ma 12. elok. 2019 klo 16.24 Sundararajan Seshadri 
kirjoitti:

> If I understand is right, user stores the credentials in a database, say A
> and another application, probably using a different database B wants to use
> the credentials from A.
>
> Right?
>
> There is no problem at all, except you need to:
>
> (a) write your own hook for validating the password in the application
> using the database B, but will access the credentials in A. Either you can
> define A in django itself or through plain Python itself, you can access it.
>
> (b) Note that the password will be (and should be) stored encrypted and
> 'normally' you will be in no position to 'decode' the original password.
> Whatever password is entered while using the application will be subject to
> same encryption and the result will be compared with what is in the
> database for allowing the login. Hopefully this mechanism is still OK for
> you.
>
> Cheers.
>
> =
>
> On Sunday, August 11, 2019 at 7:01:26 PM UTC+5:30, Lance Haig wrote:
>>
>> Hi,
>>
>> I want to allow users to add credentials to th site that allow us to
>> pull details ffrom anothr site into our environment.
>>
>> This will mean that their credentials will need to be useable by a
>> regular process that will fetch the data but it is stored securely.
>>
>> I was thinking about using the same storage mechanisim for the passwords
>> that django offers but I am not sure how one would then allow a process
>> in the application to use those credentials to aces the otehr site.
>>
>> Does anyone have a suggestion on how to accomplish this?
>>
>> Regards
>>
>> Lance
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/6c1ab523-b622-44b6-9e65-d2731ed05df1%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAHn91odcosmCvpPqj%3DCiC8LDjs5yhfivejpZnMOC1PnW%2BCAKTw%40mail.gmail.com.

Re: Storing credentials in the DB

2019-08-12 Thread Sundararajan Seshadri 
If I understand is right, user stores the credentials in a database, say A 
and another application, probably using a different database B wants to use 
the credentials from A. 

Right?

There is no problem at all, except you need to:

(a) write your own hook for validating the password in the application 
using the database B, but will access the credentials in A. Either you can 
define A in django itself or through plain Python itself, you can access it.

(b) Note that the password will be (and should be) stored encrypted and 
'normally' you will be in no position to 'decode' the original password. 
Whatever password is entered while using the application will be subject to 
same encryption and the result will be compared with what is in the 
database for allowing the login. Hopefully this mechanism is still OK for 
you.

Cheers.

=

On Sunday, August 11, 2019 at 7:01:26 PM UTC+5:30, Lance Haig wrote:
>
> Hi, 
>
> I want to allow users to add credentials to th site that allow us to 
> pull details ffrom anothr site into our environment. 
>
> This will mean that their credentials will need to be useable by a 
> regular process that will fetch the data but it is stored securely. 
>
> I was thinking about using the same storage mechanisim for the passwords 
> that django offers but I am not sure how one would then allow a process 
> in the application to use those credentials to aces the otehr site. 
>
> Does anyone have a suggestion on how to accomplish this? 
>
> Regards 
>
> Lance 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/6c1ab523-b622-44b6-9e65-d2731ed05df1%40googlegroups.com.