General Password questions
Riccardo Attilio Galli
riquito at riquito.matrix
Tue Sep 23 12:02:37 EDT 2003
On Tue, 23 Sep 2003 09:28:49 -0400, Peter Hansen wrote:
> Riccardo Attilio Galli wrote:
>>
>> what about if I would reload an entered password?
>> I wrote an e-mail client, and I haven't found a way to store the password
>> that a user enters the first time and use it when the program is restarted.
>> I don't want to ask the user for the account password every time, but I also
>> don't want to store it as plain text.
>> Do you know what the usual practice is in these cases?
>
> [...]
> In a nutshell, this is the point: you never use the plaintext form of
> the password. As soon as it is entered, you convert it to a hash. You
> store the hash, and if a user later enters a password and you need to
> check it, you convert *it* to a hash and compare the hashes. Never,
> ever, store or compare plain text passwords. Does that help?
>
> -Peter
I think you have misunderstood me (mmm, I hope it sounds polite enough in
English). A user should never enter the password again. I know how hashes
work, and they're useful when I can compare an entered password with a
hash value, but here I need the user not to enter a password anymore
(after the first time).
The natural use of the program would be:

run the e-mail client for the first time
user enters his e-mail password
the client checks for new mails
user closes the client.
while 1:
    user runs the e-mail client
    the client checks for new mails WITHOUT asking for a password
    user closes the client

I hope I was clearer. I think Richard got the point, with a "sad but true"
answer.
Ciao,
Riccardo
--
-=Riccardo Galli=-
_,e.
s~ ``
~@. ideralis Programs
. ol
`**~ http://www.sideralis.net
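
Added example, not part of the original thread: the hash-and-compare scheme from Peter's reply, next to the restart case Riccardo describes, where the client must present the real password to the mail server. PBKDF2, the iteration count, the sample password and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def make_record(password: str) -> dict:
    """Derive a salted PBKDF2-HMAC-SHA256 hash; the password itself is not kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify(candidate: str, record: dict) -> bool:
    """Re-derive the hash from a freshly entered password and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["digest"])


def can_log_in_unattended(record: dict, server_password: str) -> bool:
    """Hypothetical mail server check: it accepts only the real password bytes.

    A client restarted with nothing but the stored record can only offer the
    record's own fields, and none of them is the password.
    """
    secret = server_password.encode("utf-8")
    return any(
        hmac.compare_digest(value, secret)
        for value in record.values()
        if isinstance(value, bytes)
    )


if __name__ == "__main__":
    password = "constructed-sample-pass"  # constructed sample value
    record = make_record(password)
    print("re-entered password verifies:", verify(password, record))
    print("wrong password verifies:", verify("guess", record))
    print("record alone logs in to server:", can_log_in_unattended(record, password))
```

The stored record answers "is this the password the user typed before?" but cannot reproduce the password, which is why it fits login checking and not an unattended mail fetch.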