[Tutor] How to store and use passwords?
OS: Solaris 10. Python: 2.4.4 on the computer I will be doing my development work. 2.6.4 on the production environment. I am working on my first python program at work to automate a set of tasks that allows for the results of a radiotherapy plan to be compared to a set of constraints that the plan should meet. The end result will be a report window where items that meet the constraints are flagged green, those requiring physician comment yellow, etc. The form will require two forms of physician approval: one for the overall document and then a line item approval with comments for those items that are not green. I am still trying to figure out the design while my users merrily keep changing their requirements. This has led me to investigating the electronic sign offs of the end product. This would seem to require (in my mind) a password protected electronic signature for each physician. I have done some cursory searching on this topic, which led me to the concept of hashing passwords for storage. I just read http://www.cyberciti.biz/python-tutorials/securely-hash-passwords-in-python/ which seemed informative, but suggests the use of the module passlib. Unfortunately, I am not allowed to install anything on the production environment, nor can anyone else. The physicians do not seem to care if I password protect their electronic sign offs or not. All of this information is contained on a subset of our private intranet that supposedly is protected from outside (of our organization) access, though I am fairly confident that with what little I know I could gain access from my home. If I can, then I am sure that someone knowledgeable and skilled would be able to do the same. Suggestions? -- boB ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] How to store and use passwords?
On 18/11/14 14:45, boB Stepp wrote: http://www.cyberciti.biz/python-tutorials/securely-hash-passwords-in-python/ which seemed informative, but suggests the use of the module passlib. Unfortunately, I am not allowed to install anything on the production environment, nor can anyone else. You can roll your own password system using the crypt module. Get each user to create a password (or give them a default) and encrypt it with crypt. Store the result and when they log in compare the encrypted password with the stored one. It may not have all the security features of the passlib solution but its a lot better than nothing and will deter most crackers long enough for them to get bored and move on. The downside is that you need to build a password management module/workflow/UI into your code to allow changes/resets etc. -- Alan G Author of the Learn to Program web site http://www.alan-g.me.uk/ http://www.amazon.com/author/alan_gauld Follow my phopto-blog on Flickr at: http://www.flickr.com/photos/alangauldphotos ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] How to store and use passwords?
On Tue, Nov 18, 2014 at 9:47 AM, Alan Gauld alan.ga...@btinternet.com wrote: [...] You can roll your own password system using the crypt module. Get each user to create a password (or give them a default) and encrypt it with crypt. Store the result and when they log in compare the encrypted password with the stored one. It may not have all the security features of the passlib solution but its a lot better than nothing and will deter most crackers long enough for them to get bored and move on. I see that the crypt module is available for both python versions I have access to. The downside is that you need to build a password management module/workflow/UI into your code to allow changes/resets etc. Another opportunity for furthering my education! Thanks, Alan! -- boB ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor