问题
How can I encrypt and decrypt a password in Google app engine without using third party libraries?
Any examples?
回答1:
If you care about your users' security, you're going to have to use a third-party library of some sort, because the only way you should be storing passwords is securely hashed with PBKDF2, SCrypt, or BCrypt - for instance, using this module, which you can easily add to your application.
Note that you should never encrypt passwords (and thus, never decrypt them) - instead, algorithms like PBKDF2 use hashing so that you can check if a password is valid, but never recover the original password.
来源:https://stackoverflow.com/questions/13227509/password-encryption-and-decryption-in-google-app-engine