Storing and validating encrypted password for login in Pyramid

佛祖请我去吃肉 2021-01-12 22:08

I am trying to validate an encrypted password for login purposes in Pyramid. So that if the user and password match then the system will authorize the user. At

2 answers
  •  南方客 (original poster)
    2021-01-12 22:49

    WARNING INSECURE CODE FOLLOWS

    The code below is NOT a SECURE and SAFE way to store/verify user passwords. Please use a library that provides secure password storage, such as passlib which is specifically designed to securely store passwords.


    You hash the user's password in your User.__init__ using self.password = hashlib.sha224(password).hexdigest(). Just use a similar method to validate it:

    class User(Base):
        # Your existing code unchanged
    
        def validate_password(self, password):
            return self.password == hashlib.sha224(password).hexdigest()
    

    And use it in your view:

    user = api.retrieve_user(login)
    if user is not None and user.validate_password(password):
        # Your logic on success
        pass
    
