Storing credentials in the DB

Lance Haig

Aug 11, 2019, 9:31:26 AM
to django...@googlegroups.com
Hi,

I want to allow users to add credentials to the site that allow us to
pull details from another site into our environment.

This will mean that their credentials will need to be useable by a
regular process that will fetch the data but it is stored securely.

I was thinking about using the same storage mechanism for the passwords
that Django offers but I am not sure how one would then allow a process
in the application to use those credentials to access the other site.

Does anyone have a suggestion on how to accomplish this?

Regards

Lance


Sundararajan Seshadri

Aug 12, 2019, 9:23:23 AM
to Django users
If I understand it right, the user stores the credentials in a database, say A, and another application, probably using a different database B, wants to use the credentials from A.

Right?

There is no problem at all, except you need to:

(a) write your own hook for validating the password in the application using the database B, but which will access the credentials in A. Either you can define A in Django itself or through plain Python itself, you can access it.

(b) Note that the password will be (and should be) stored encrypted and 'normally' you will be in no position to 'decode' the original password. Whatever password is entered while using the application will be subject to the same encryption and the result will be compared with what is in the database for allowing the login. Hopefully this mechanism is still OK for you.

Cheers.

=================================================

Jani Tiainen

Aug 12, 2019, 9:41:21 AM
to django...@googlegroups.com
Unfortunately, storing a password in the DB has a fundamental flaw. To be able to use it to access any remote source, it has to be in usable form. Whether it is in digested or plain text form doesn't matter, since at the moment you use it to log in to the other resource it is in plain format (whatever format that is).


Lance Haig

Aug 14, 2019, 12:04:12 PM
to django...@googlegroups.com

Thanks for the response,

Thanks for the tips, I will investigate this.


Regards

Lance
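
Added example, not part of any post in this thread: a Python sketch contrasting the one-way digest discussed in the replies (PBKDF2-SHA256, the primitive behind Django's default hasher) with reversible encryption that a fetch process can undo. It assumes the third-party `cryptography` package; the function names, the sample password and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

from cryptography.fernet import Fernet, InvalidToken

# Constructed sample: the password a user entered for the *other* site.
REMOTE_PASSWORD = "s3cret-for-other-site"
ITERATIONS = 100_000  # illustrative work factor, not Django's setting

def one_way_digest(password: str, salt: bytes) -> bytes:
    """PBKDF2-SHA256, the primitive behind Django's default password hasher."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def check_candidate(candidate: str, salt: bytes, stored: bytes) -> bool:
    """All a digest supports: checking a password the caller already has."""
    return hmac.compare_digest(one_way_digest(candidate, salt), stored)

def encrypt_for_db(key: bytes, password: str) -> bytes:
    """Reversible: the returned token is what goes in the DB column."""
    return Fernet(key).encrypt(password.encode())

def decrypt_for_fetch(key: bytes, token: bytes) -> str:
    """What the periodic fetch process does just before the remote login."""
    return Fernet(key).decrypt(token).decode()

def demo() -> dict:
    salt = os.urandom(16)
    digest = one_way_digest(REMOTE_PASSWORD, salt)
    # Assumption: in a deployment this key comes from outside the DB
    # (environment, secret store); it is generated here to run offline.
    key = Fernet.generate_key()
    token = encrypt_for_db(key, REMOTE_PASSWORD)
    try:
        decrypt_for_fetch(Fernet.generate_key(), token)
        wrong_key_rejected = False
    except InvalidToken:
        wrong_key_rejected = True
    return {
        "digest_checks_known_password": check_candidate(REMOTE_PASSWORD, salt, digest),
        "digest_checks_wrong_password": check_candidate("guess", salt, digest),
        "fetch_job_recovers": decrypt_for_fetch(key, token),
        "db_row_without_key_rejected": wrong_key_rejected,
    }

if __name__ == "__main__":
    print(demo())
```

The digest can only confirm a password the caller already knows, so it gives the fetch process nothing to send; the encrypted token can be turned back into the password, but only by a process that also holds the key.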