Also, whatever computations you are doing with the password, make sure you don't end up storing a value from which the original plain text password could be easily recovered (that's the point of storing only a hash of the password).
Anthony On Saturday, November 25, 2017 at 11:05:25 AM UTC-5, Val K wrote: > > in default/user > def user(): > ... > if request.args(0)=='register' and request.vars.password: > do something > #or better way - save raw password and "do something" after base > validation: > auth.settings.register_onvalidation = [lambda frm, raw_pass = > request.vars.password: do_something(frm, raw_pass)] > > ... > > > On Tuesday, November 21, 2017 at 7:22:39 PM UTC+3, mark....@gmail.com > wrote: >> >> >> I've got the following problem: I want to do some calculations with the >> plaintext of the password the user types in. My first idea was to use the >> compute attribute ( >> http://www.web2py.com/books/default/chapter/29/06/the-database-abstraction-layer#Computed-fields), >> >> but this only does computations with the hashed password as it uses the >> value which is stored in the database. >> So I guess, I need to paste my code somewhere into the code for the >> registration where the hash hasn't been calculated yet; though I have no >> idea where exactly. Any suggestions? >> >> Thanks in advance! >> >> PS: Doing the calculation on the client side is not an option since I >> don't want the user to manipulate anything. >> >> >> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
