如何在django中获取密码? [英] How do I get the password in django?
问题描述
我有一个为其他内容编写的python库。因此,我导入了要在Django中使用的密码,我面临的问题是如何获取密码。
I have a python library which I wrote for something else. So I import that to use in Django, problem I am facing is how to get the password.
mycustom_lib_function(username, password)
用户名我可以通过 request.user
但是,我不确定如何获取密码。有人能帮我吗?谢谢。
But, I am not sure how to get the password. Can someone help me? Thanks.
推荐答案
您的函数 mycustom_lib_function 不应该使用纯文本密码。用户对您的应用程序进行身份验证之后,您将拥有一个 User 对象(来自 django.contrib.auth.models )包含哈希密码:
Your function mycustom_lib_function should not be using a plaintext password. After a user authenticates with your application, you have a User object (from django.contrib.auth.models) that contains a hashed password:
>>> user.username
u'myusername'
>>> user.password
u'sha1$98ffc$b5fd085b8bc1c05fd241dfc97230631926141fe7'
键入您的实际密码表单不是以纯文本形式存储的,因为标准的网络安全建议您在身份验证后不要存储密码的纯文本值。
请注意,您可以通过执行以下操作来检查上述哈希值:
The actual password typed into your form is not stored in plaintext, as standard web security advises you not to store plaintext values of passwords after authentication.
Note that you could check the above hash by performing:
>>> from hashlib import sha1
>>> password = 'weak_password'
>>> _, salt, hashpw = user.password.split('$')
>>> sha1(salt+password).hexdigest() == hashpw
True
现在,如果您应用程序包装到另一个您不需要控制的应用程序中,该应用程序需要密码才能执行某些操作,您可以考虑将其密码存储为纯文本格式(或稍加加密),但是 django.contrib.auth 不会为您执行此操作。如果您建立一个OAuth类型的凭证系统会更好,该系统可以完全执行此功能,而无需用户向中间站点透露密码。
Now if your application wraps into another application that you do not control that needs a password to do certain actions, you can possibly consider storing their password in plaintext (or slightly better encrypting it), but django.contrib.auth will not do this for you. It would be better if you set up an OAuth type credential system, which does exactly this functionality without necessitating users reveal their password to the intermediate site.
您可以控制,我会删除将密码传递给它的要求。
If its an application that you do control, I would drop the requirement for password to be passed to it.
这篇关于如何在django中获取密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
