Decoding django user password


Miguel

Apr 29, 2009, 7:47:42 AM
to django...@googlegroups.com
Hello,

Is there any way to decode the passwords that django keeps in the auth_user table? It would be really interesting to see if there are any problems in the users part of the web when new information and tasks are added via admin web.

regards,



Miguel
Sent from Madrid, Spain

Masklinn

Apr 29, 2009, 8:09:57 AM
to django...@googlegroups.com
On 29 Apr 2009, at 13:47 , Miguel wrote:
> Hello,
>
> is there any way to decode the passwords that django keeps in the
> auth_user table?

No. The passwords are stored as salted hashes (http://en.wikipedia.org/wiki/Salted_hash);
you can try brute-forcing them if you have *a lot* of time (and CPU time) to waste.
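
An added example, not part of the original thread and not Django's own code: a standard-library Python sketch of the point made in the reply above, that a salted hash can only be checked by re-hashing a candidate, never decoded. It goes beyond the thread by covering two layouts, the `sha1$salt$hash` form Django used in `auth_user.password` at the time and the later `pbkdf2_sha256$iterations$salt$hash` form; `encode` and `verify` are hypothetical names and the sample values are constructed.

```python
import base64
import hashlib
import hmac
import secrets


def encode(password, algorithm="pbkdf2_sha256", salt=None, iterations=1000):
    """Return a stored value; the raw password itself is never kept.

    iterations is kept low so the demo runs quickly; real deployments
    use a far higher work factor.
    """
    salt = salt or secrets.token_hex(8)
    if algorithm == "sha1":  # legacy layout: sha1$<salt>$<hex digest>
        digest = hashlib.sha1((salt + password).encode()).hexdigest()
        return f"sha1${salt}${digest}"
    if algorithm == "pbkdf2_sha256":  # pbkdf2_sha256$<iterations>$<salt>$<base64>
        key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
        return f"pbkdf2_sha256${iterations}${salt}${base64.b64encode(key).decode()}"
    raise ValueError(f"unsupported algorithm: {algorithm}")


def verify(candidate, stored):
    """Check a candidate by re-hashing it with the stored salt and parameters.

    There is no decode step: the only operation the stored value supports
    is 'hash this candidate the same way and compare'.
    """
    algorithm, _, rest = stored.partition("$")
    try:
        if algorithm == "sha1":
            salt, _ = rest.split("$")
            expected = encode(candidate, "sha1", salt)
        elif algorithm == "pbkdf2_sha256":
            iterations, salt, _ = rest.split("$")
            expected = encode(candidate, algorithm, salt, int(iterations))
        else:
            return False  # unknown algorithm: reject rather than guess
    except ValueError:
        return False  # malformed stored value
    return hmac.compare_digest(expected.encode(), stored.encode())


if __name__ == "__main__":
    # Constructed sample values, not taken from any real database.
    a = encode("correct horse", salt="a1b2c")
    b = encode("correct horse", salt="f9e8d")
    print(a != b)  # same password, different salt, different stored value
    print(verify("correct horse", a), verify("wrong guess", a))
```

Because each row carries its own salt, two users with the same password get different stored values, so one precomputed table cannot be reused across the whole `auth_user` table.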

Karen Tracey

Apr 29, 2009, 8:10:46 AM
to django...@googlegroups.com
On Wed, Apr 29, 2009 at 7:47 AM, Miguel <migu...@gmail.com> wrote:
> Hello,
>
> is there any way to decode the passwords that django keeps in the auth_user table? It would be really interesting to see if there are any problems in the users part of the web when new information and tasks are added via admin web.

No.  For more information search the list and you'll find, for example, this thread:

http://groups.google.com/group/django-users/browse_thread/thread/5cce44d27cc6b0cc/

which details why and why that is a good thing.

If you want to test things out as they would be seen by a non-staff, non-superuser user, why not just define one (or more) for testing purposes and use them?  It shouldn't be necessary to actually log in as one of your real users for testing purposes.

Karen

Kenneth Gonsalves

Apr 29, 2009, 8:08:05 AM
to django...@googlegroups.com
On Wednesday 29 April 2009 17:17:42 Miguel wrote:
> is there any way to decode the passwords that django keeps in the
> auth_user table?

afaik it is one way only
--
regards
kg
http://lawgon.livejournal.com

Ned Batchelder

Apr 29, 2009, 8:22:54 AM
to django...@googlegroups.com
If you want to login as a user, don't bother with their password (which
can't be decoded anyway). Build another authorization mechanism into
your app so that you can log in as them without a password. For
example, you can accept a user name with a password of (superuser name,
superuser password) and then log the user in. More details here:
http://stackoverflow.com/questions/263367/how-do-you-support-a-web-app-with-hashed-or-encrypted-passwords

--Ned.
http://nedbatchelder.com
--
Ned Batchelder, http://nedbatchelder.com

Miguel

Apr 29, 2009, 9:31:43 AM
to django...@googlegroups.com
thank you guys!


Miguel
Sent from Madrid, Spain
