Need to make some php reports, but need it to be secured, how can I deal with user passwords ?
30 views
Skip to first unread message
HF
Jul 22, 2012, 6:15:35 AM7/22/12
to erpnext-dev...@googlegroups.com
Can I use md5() function to check the user password ?
Anand Doshi
Jul 22, 2012, 6:34:25 AM7/22/12
to erpnext-dev...@googlegroups.com
Hi HF,
I don't know the context of what you are trying to develop.
Here are my general recommendations.
MySQL has an inbuilt password type. You can use that to store passwords. That way, mysql will take care of the hashing, and you wont need to store password in plain text.
However, if you do want to use hashing algorithms, use sha256 or higher, instead of md5, as md5 has already been compromised.
Python has a module called hashlib. You can use its methods to implement any hashing, using preferably sha256 or higher. [http://docs.python.org/library/hashlib.html]
Thanks,
Anand.
On Sunday 22 July 2012 at 3:45 PM, HF wrote:
Can I use md5() function to check the user password ?
--
You received this message because you are subscribed to the Google Groups "ERPNext Developer Forum" group.
To post to this group, send email to erpnext-dev...@googlegroups.com.
To unsubscribe from this group, send email to erpnext-developer...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/erpnext-developer-forum/-/GkJ19BcciQsJ.
For more options, visit https://groups.google.com/groups/opt_out.
HF
Jul 22, 2012, 7:00:58 AM7/22/12
to erpnext-dev...@googlegroups.com
Hi Anand;
I need to authenticate ERPNext users from the tabProfile table in my php reports.
How can I check if user password correct ?
Anand Doshi
Jul 22, 2012, 7:12:56 AM7/22/12
to erpnext-dev...@googlegroups.com
Hi,
Just use this query:
select * from `tabProfile` where name = [username] and password = password( [password] )
if the result exists, then the user is authenticated..
--
You received this message because you are subscribed to the Google Groups "ERPNext Developer Forum" group.
To post to this group, send email to erpnext-dev...@googlegroups.com.
To unsubscribe from this group, send email to erpnext-developer...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/erpnext-developer-forum/-/aEcTyNU1_uwJ.
HF
Jul 24, 2012, 8:29:22 AM7/24/12
to erpnext-dev...@googlegroups.com
Thank you Anand, it works ... Thanks a lot.
On Sunday, July 22, 2012 12:15:35 PM UTC+2, HF wrote:
On Sunday, July 22, 2012 12:15:35 PM UTC+2, HF wrote:
Reply all
Reply to author
Forward
0 new messages