[Tutor] reset password program

Steven D'Aprano steve at pearwood.info
Sat Dec 17 01:51:18 CET 2011


ADRIAN KELLY wrote:
> Hi guys,
> I created a program that allows users to log in using a password that I set at the top of the program.
> Among other things users are given the option to change their password.  My question is:
>
> Is it possible for me to make this new password stick? In other words, when they shut down and
> log in again I am back to the original password.....the new password only works while the program
> is running.  I know why this is happening, what I don't know is what to do about it.


This will be *very* low security and so shouldn't be used for real passwords.


# Read the user's password
# ------------------------
try:
     password_file = open("my secret password.txt", "r")
except (IOError, OSError):
     # password file doesn't exist, or is unreadable
     password = ''
else:
     # password file does exist
     password = password_file.read()
     password_file.close()


# Write the user's password
# -------------------------
password_file = open("my secret password.txt", "w")
password_file.write(password)
password_file.close()




Some improvements to think about, in order of least secure (easiest) to most 
secure (hardest).

(1) "my secret password.txt" is a crappy name. Is there a better name?

(2) Can you make the file hidden so users won't accidentally delete it? Hint: 
on Linux and Mac, you can hide a file by starting the name with a dot. How 
about Windows?

(3) Can you make sure that the password file is only readable by the user? 
Hint: os.chmod function. You will need to investigate how it works.

(4) Anyone who opens the password with a text editor will see the password in 
plain ordinary text. Can you obfuscate the password so it is harder to read?

(5) Do you really need to store the *actual* password? It may be better to 
just store a hash of the password, and then compare hashes instead of actual 
passwords. Research "md5" and "sha" hashes and the hashlib library.

(6) Even with hashes, breaking passwords is not difficult. Investigate the 
importance of "salting" the password so as to increase security.



-- 
Steven
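
An added example, not part of the message above: one way to combine suggestions (2), (3), (5) and (6), keeping only a salted hash in an owner-only dot-file. It uses hashlib's PBKDF2 rather than a bare md5/sha digest; the file name `.app_password`, the iteration count and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Hypothetical name: a dot-file is hidden from normal listings on Linux/Mac.
PASSWORD_FILE = ".app_password"
ITERATIONS = 200_000  # assumed work factor for PBKDF2-HMAC-SHA256


def _derive(password, salt, iterations):
    """Stretch the password together with the salt; returns raw bytes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def save_password(password, path=PASSWORD_FILE):
    """Store iterations, salt and hash (never the password itself)."""
    salt = secrets.token_bytes(16)  # fresh random salt on every change
    digest = _derive(password, salt, ITERATIONS)
    record = "%d$%s$%s\n" % (ITERATIONS, salt.hex(), digest.hex())
    # Create the file readable/writable by the owner only; O_TRUNC replaces
    # any previous record.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(record)
    # Tighten a file that already existed with looser permission bits.
    # (On Windows os.chmod can only toggle the read-only flag.)
    os.chmod(path, 0o600)


def check_password(attempt, path=PASSWORD_FILE):
    """Return True only if the attempt matches the stored salted hash."""
    try:
        with open(path, "r") as f:
            iterations, salt_hex, hash_hex = f.read().strip().split("$")
        iterations = int(iterations)
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except (IOError, OSError, ValueError):
        return False  # missing, unreadable or malformed file: refuse login
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(attempt, salt, iterations), stored)


if __name__ == "__main__":
    save_password("correct horse")          # constructed sample password
    print(check_password("correct horse"))
    print(check_password("wrong guess"))
```

Because the salt is regenerated on each save, two users with the same password get different records, and the file never contains the password text.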

