How to store passwords?
Rhodri James
rhodri at wildebst.demon.co.uk
Wed Jan 7 21:56:00 EST 2009
On Wed, 07 Jan 2009 21:06:07 -0000, Oltmans <rolf.oltmans at gmail.com> wrote:
> But the thing is that I will ask the user for user name and password
> only once i.e. when they start the application for the first time.
> After that, I'm not supposed to ask the user name and password again.
> So in this scenario, if I store a hash on the disk I cannot retrieve
> plain-text string back from my hash as I've to send user name and
> password to the server in plain-text.
The words "massive security hole" spring to mind. Does your server
really require you to reauthenticate so often? Can't you invoke
some kind of secured protocol instead?
--
Rhodri James *-* Wildebeeste Herder to the Masses
More information about the Python-list
mailing list