Aside from using SSL, is there any way to encrypt a password in the Django framework on the first POST to the server? For example, if I have a form that accepts a username and password, then send it to another view, aren't the passwords sent to the backend unencrypted? If so, is there a way to encrypt the passwords before transmitting to the backend?
By default, Django uses the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST. This should be sufficient for most users: it's quite secure, requiring massive amounts of computing time to break.
@anotheruser Yes, you can't 'decrypt' a hashed password through Django. (A hash is a one-way function, not really encryption.) You could possibly save the password of the user in plaintext in the DB when they create a user account. See: stackoverflow.com/questions/44109/…
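To make the PBKDF2-SHA256 point from the answer above concrete, here is an added example (not Django's own code) that reproduces the layout Django stores, `pbkdf2_sha256$iterations$salt$hash`, using only the standard library. The iteration count and the 22-character salt length are assumed values; the stored string can be verified but not reversed, which is why it cannot be "decrypted".

```python
import base64
import hashlib
import hmac
import secrets
import string
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed value; Django raises its default over time


def make_password(password: str, salt: Optional[str] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a salted, iterated one-way hash in Django's encoded layout."""
    if salt is None:
        # Random alphanumeric salt; "$" is reserved as the field separator.
        alphabet = string.ascii_letters + string.digits
        salt = "".join(secrets.choice(alphabet) for _ in range(22))
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt.encode("ascii"), iterations)
    encoded = base64.b64encode(digest).decode("ascii").strip()
    return f"{ALGORITHM}${iterations}${salt}${encoded}"


def check_password(password: str, encoded: str) -> bool:
    """Verify a candidate password against a stored hash.

    The stored salt and iteration count are reused to recompute the hash;
    the comparison is constant-time so timing does not leak how many
    leading characters matched.
    """
    try:
        algorithm, iterations, salt, _ = encoded.split("$", 3)
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    recomputed = make_password(password, salt, int(iterations))
    return hmac.compare_digest(recomputed, encoded)


if __name__ == "__main__":
    stored = make_password("correct horse")  # constructed sample password
    print(stored)                            # what the DB holds
    print(check_password("correct horse", stored))  # True
    print(check_password("wrong", stored))          # False
```

Note that this only protects the value at rest: the plaintext still travels in the POST body unless the connection itself is encrypted.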
SSL is a de facto solution, but if for some reason you can't have it, then you'll find shelter in some JavaScript libraries that encrypt POST data. And there are plenty of them if you search. But I don't believe that any of them can achieve maximum security.