On Sun, 2009-02-01 at 01:07 -0800, Guy Rutenberg wrote:
> Hi Kless,
>
>
> On Jan 31, 7:05 pm, Kless wrote:
> >
> > Your method has a point of failure. Whatever can see your code JS
> > (client-code), so he will know what are you making with the password
> > that is sent from a form.
> >
> > The
Hi Rutenberg,
I just find anything that can be of interest for you. It's a "secure"
method to login without https. Although it isn't really secure in
comparison to https.
http://www.pylucid.org/about/features/JS-SHA-Login/
On 1 feb, 09:07, Guy Rutenberg wrote:
> I just wonder if Django
> has
Hi Kless,
On Jan 31, 7:05 pm, Kless wrote:
>
> Your method has a point of failure. Whatever can see your code JS
> (client-code), so he will know what are you making with the password
> that is sent from a form.
>
> The best options are https or using HMAC-SHA1/RIPEMD160
>
I've indeed referenc
Rutenberg, you're correct. bcrypt is only a solution for storing the
hash of passwords in a secure way. In fact, it's the most secure and
easy way that I've found; and it has been implemented and is being used by
OpenBSD.
Your method has a point of failure. Whatever can see your code JS
(client-cod
Hi Kless,
Correct me if I'm wrong but bcrypt can be used as a solution for
storing the passwords in the database (instead of the default sha1)
but it doesn't provide the solution I'm looking for: not sending plain-
text passwords in login forms. Anyway bcrypt sounds interesting,
especially its ab
I recommend you to use bcrypt, the password-hashing algorithm used in
OpenBSD.
The advantages are that it creates and manages auto. the salt for each
password entered; and the most important is that it is adaptable to
future processor performance improvements.
http://pypi.python.org/pypi/bcryptW
Hi Matthias,
On Jan 31, 12:37 am, Matthias Julius wrote:
>
>
> But, it doesn't help you anything. Someone who could get a hold of a
> plain text password sent over the internet could get a hashed password
> just as easily. And the server has no way of telling whether the sent
> password hash c
Guy Rutenberg writes:
> Hi Martin,
>
> On Jan 30, 11:43 pm, Martin Conte Mac Donell
> wrote:
>>
>> Actually in contrib.auth passwords are stored in SHA1. If you mean
>> that passwords are sent in plain text "over the network" then you
>> should use https.
>>
>
> I meant "over the network". Whil
Hi Martin,
On Jan 30, 11:43 pm, Martin Conte Mac Donell
wrote:
>
> Actually in contrib.auth passwords are stored in SHA1. If you mean
> that passwords are sent in plain text "over the network" then you
> should use https.
>
I meant "over the network". While https is the ideal solution security
On Fri, Jan 30, 2009 at 5:36 PM, Guy Rutenberg wrote:
> I've started using Django recently and when I've used the auth module
> I noticed that it only verifies a plain text password. I'm not
> comfortable with this behaviour as it means that passwords have to be
> sent by login forms in plain tex
Hi,
I've started using Django recently and when I've used the auth module
I noticed that it only verifies a plain text password. I'm not
comfortable with this behaviour as it means that passwords have to be
sent by login forms in plain text.
In previous projects of mine I've used a solution that