How to obscure a password
Batista, Facundo
FBatista at uniFON.com.ar
Thu Feb 26 14:50:28 EST 2004
#- > That will imply to the user to enter his password
#- everytime (that's what I'm
#- > trying to avoid).
#-
#- That's what sessions are for. Don't you have session support?
#-
#- The only time one should ever need to re-enter a password is when you
#- are allowing them to *change* their current password. And even then
#- hashing should still be done before you encrypt the new password with
#- the old one, so that it can _never_ be seen in the clear on
#- the server.
Sessions? I'm not serving Web. It's a simple program with a GUI that runs
locally.
. Facundo
More information about the Python-list
mailing list