Re: recovering password
On 11/1/06, shidan <[EMAIL PROTECTED]> wrote: > > Hi how can I get a Users password after it has been hashed. Reseting it > is not > good enough due to the nature of the application and how it integrates > with the > rest of the system You can't. Non-reversibility is the entire purpose of a password hash - hashes are one way trapdoor functions. Your only option would be to add a 'cleartext password' field to a model somewhere, and keep the original password when the user submits it. However, this is a bad idea from a security point of view, as it introduces a point of weakness by which intruders can find the password of other users, and thereby gain access as another user. Yours, Russ Magee %-) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
Re: recovering password
On 10/31/06, shidan <[EMAIL PROTECTED]> wrote: > Hi how can I get a Users password after it has been hashed. The salted hash process Django uses is (deliberately, for security purposes) a one-way procedure, so it's not possible to recover the original password later. -- "May the forces of evil become confused on the way to your house." -- George Carlin --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---
recovering password
Hi how can I get a Users password after it has been hashed. Reseting it is not good enough due to the nature of the application and how it integrates with the rest of the system --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~--~~~~--~~--~--~---