Django Login Secret key
17 views
Skip to first unread message
Sebastian Jung
Jul 10, 2019, 5:53:32 AM7/10/19
to Django users
Hello,
I want in my Login Page a further field Secret Key. This Input ist replacement dir Secret Key in settings.py. Ist this possible? Can someone explain me how?
Regards
Jani Tiainen
Jul 10, 2019, 6:46:14 AM7/10/19
to django...@googlegroups.com
Hi.
What are you trying to do?
In other words why do you need to replace secret key by user input at login?
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/d8ec843c-0de4-4e20-b264-7fd45d455777%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Sebastian Jung
Jul 10, 2019, 6:53:59 AM7/10/19
to Django users
I encrypt several fields in Database. Now it's possible that a Hacker get Database and settings.py. i want Maximum Security and i think when User at Login Page Input Secret Key that ist optimal. Also i want AS SaaS No Access to Data in database because Data ist high Security.
Jani Tiainen
Jul 10, 2019, 7:06:53 AM7/10/19
to django...@googlegroups.com
Oh you want to have false security.
First this has nothing to do with Django and it's secret key. You can use any secret key in your case it would be user input. Also you can use any cryptography algorithm to secure your data in the database.
And here is the problem - to make user experience pleasant you have to store this secret key somewhere unless you want to have user input secret key every time you read and write to database. Not just in login.
Because you store the key it does exist somewhere. And if attacker already got to your settings.py it pretty much means that attacker sees your code and can read the key. And you lost the game.
ke 10. heinäk. 2019 klo 9.54 Sebastian Jung <sebasti...@gmail.com> kirjoitti:
I encrypt several fields in Database. Now it's possible that a Hacker get Database and settings.py. i want Maximum Security and i think when User at Login Page Input Secret Key that ist optimal. Also i want AS SaaS No Access to Data in database because Data ist high Security.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/2e15e2f0-0400-4158-a4ec-69e06e65bbc2%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages