python - Custom user authentication. How is it done, with the best practices?
I am using Google App Engine with Python. I want to add custom user authentication. How is this done with best practices?
I need custom authentication because the app is built in Flex and I do not want to redirect to an HTML page.
The User value object is like this:

    from google.appengine.ext import db

    class User(db.Model):
        email = db.EmailProperty(required=True, indexed=True)
        masked_password = db.StringProperty(required=True)
        # Maybe more things here

I would like to mask the password; is there some function built into GAE for this?
Then, how do I remember the current user? Through sessions and cookies? Or what else?
Password:
A good way of handling passwords is to store, for every user, a random salt value and the result of hash(password + salt).
When the user wants to log in, calculate hash(password + salt) and see if it is the value you stored when the password was originally set. The idea is to never ever store passwords in cleartext, and two users with the same password will have the same hash value.
You can find many examples of this online and on SO.
Sessions:
There are many ways to implement sessions, and using cookies is popular. I suggest that you use a library already available for this purpose. Look at this.