Send email - user data for complete registration

30 views
Skip to first unread message

Richard Maceček

unread,
Nov 30, 2017, 6:01:02 PM11/30/17
to Django users
Hello,
after successful registration of the user, how to send personal information (password) to the user in emails? I personally use send_mass_mail. But I have a problem that the password is not in text, but it's in the "encrypted" form.
 I do not know how to send user's data but now they need it, and I have not found documentation on how easily I can get the password to display the text format.

I use this shape:


message = 'Hi, registration date:' + 'Your name:' + user.username + 'Your password:' + user.password
....
email.send ()

Thanks for any advice!

Jason

unread,
Nov 30, 2017, 8:52:22 PM11/30/17
to Django users
you should never send anything password related via email to the user.  doing so is highly irresponsible. furthermore, the plain password is never stored in the database, only the encrypted hash of it.


Mike Morris

unread,
Nov 30, 2017, 9:15:40 PM11/30/17
to django...@googlegroups.com

Earlier comment is correct that you shouldn't email a password. It's actually not necessary, or even possible. The stored version is a "one way hash" -- which is not reversible; there's no way to get the password from the hash -- and you (should) only have access to the hashed value. (Obviously it could be hacked to store the value un-hashed... but don't do that :-)

The user should know the password if they just created it. And if they've forgotten, then just send them a Reset link.

A system admin should never have access to the passwords of any of the system's users... in fact, that's the (US) law (Sarbanes-Oxley) in many types of applications, e.g. financial transaction site of any publicly traded company.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/3bc6d503-20ef-4002-b291-753d83786dfd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Richard Maceček

unread,
Dec 1, 2017, 5:07:59 AM12/1/17
to Django users
Hello, thank you for your opinion, you are right, we really did not think about it.
Some of the services used to send an email send a password, so it was inspirational, but it's bad.

For users, I will send a confirmation email with a user name and thank notes.

Thanks  Mike Morris and Jason !

Dne pátek 1. prosince 2017 3:15:40 UTC+1 Mike Morris napsal(a):
Reply all
Reply to author
Forward
0 new messages