How to obscure a password
Noen
not.available at na.no
Thu Feb 26 13:31:15 EST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Batista, Facundo wrote:
| Peter Hansen wrote:
|
| #- > I need to restore the password later and use it as if the
| #- user just entered
| #- > it.
| #-
| #- Your design is probably fundamentally flawed in that case. Are you
| #- certain it is not possible to store the hashed password and always
| #- to compare against it?
|
| That will imply to the user to enter his password everytime (that's
what I'm
| trying to avoid).
|
| Anyway, I'll tell the user how insecure is the mechanism, and give him the
| freedom to choice between save the password to the disk and don't enter it
| anymore, or always enter it.
|
| . Facundo
|
Perhaps you should establish a session, like you do with cookies in http?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAPjpf9vKlXPxSchIRAlYvAJ426vokN0bOF3PTEk+znqpGe7dmZACfbydU
q5X8a3Y8mU8H7h8x+DnxoSk=
=k9uD
-----END PGP SIGNATURE-----
More information about the Python-list
mailing list