App Engine:传输密码并将其安全地存储在Google App Engine中的最佳做法是什么? [英] App Engine: what are best practices for transmitting a password and storing it securely in Google App Engine?
问题描述
很多最近的帖子指向 bcrypt ,但是,并没有纯粹的Python实现,这是App Engine的一项要求。
有什么建议吗?
<最佳实践?将用户API与Google帐户或OpenID一起使用,因此您并不是首先存储或传输密码。
如果您必须自己做,请传输登录信息通过SSL传输数据,并存储密码哈希,盐渍和加强,使用诸如< a href =http://en.wikipedia.org/wiki/PBKDF2 =noreferrer> PBKDF2 。
I'm wondering what is the state-of-the-art of transmitting passwords from a web form and storing them in the data store.
A lot of recent posts point to bcrypt, however, there are no pure Python implementations, which is a requirement for App Engine.
Any suggestions?
Best practice? Use the Users API with either Google Accounts or OpenID, so you're not storing or transmitting passwords in the first place.
If you must do it yourself, transmit the login data over SSL, and store the password hashed, salted, and strengthened, using a scheme such as PBKDF2.
这篇关于App Engine:传输密码并将其安全地存储在Google App Engine中的最佳做法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!