Re: [Tutor] How to store and use passwords?
On Tue, Nov 18, 2014 at 9:47 AM, Alan Gauld wrote: [...] > You can roll your own password system using the crypt module. > Get each user to create a password (or give them a default) and > encrypt it with crypt. Store the result and when they log in > compare the encrypted password with the stored one. > > It may not have all the security features of the passlib > solution but its a lot better than nothing and will deter > most crackers long enough for them to get bored and move on. I see that the crypt module is available for both python versions I have access to. > The downside is that you need to build a password management > module/workflow/UI into your code to allow changes/resets etc. Another opportunity for furthering my education! Thanks, Alan! -- boB ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor
Re: [Tutor] How to store and use passwords?
On 18/11/14 14:45, boB Stepp wrote: http://www.cyberciti.biz/python-tutorials/securely-hash-passwords-in-python/ which seemed informative, but suggests the use of the module passlib. Unfortunately, I am not allowed to install anything on the production environment, nor can anyone else. You can roll your own password system using the crypt module. Get each user to create a password (or give them a default) and encrypt it with crypt. Store the result and when they log in compare the encrypted password with the stored one. It may not have all the security features of the passlib solution but its a lot better than nothing and will deter most crackers long enough for them to get bored and move on. The downside is that you need to build a password management module/workflow/UI into your code to allow changes/resets etc. -- Alan G Author of the Learn to Program web site http://www.alan-g.me.uk/ http://www.amazon.com/author/alan_gauld Follow my phopto-blog on Flickr at: http://www.flickr.com/photos/alangauldphotos ___ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor