Question:
So I am making a website for a school project (not what I really need help with). I am trying to eventually set up a Sign Up and Sign In page, where in the Sign Up page it will hash your password and send it to a database of some sort (if you have any ideas for DBs that would help, besides JSON), but what I don’t understand is when someone logs in how do you compare the plain text password to the encrypted one and actually log somebody in?
I just need help with how I would compare the plain text password to the hashed password to login, not any code.
Hash the plain text, and then compare them?
1 Like
@Firepup650 but wouldn’t it change based on the salt that I use (since I don’t want to use the same salt for everything)? Then they wouldn’t be the same.
The way I do it, I save a salt per-user, and when someone tries to login, I get that user’s salt, hash the attempt, and compare the hashes.
1 Like
@Firepup650 do you have a database I should use for this? I am using JSON for other, non-sensitive info, should I use ReplDB or something?
Don’t handle the hashing and salting yourself. Use something like bcrypt.
4 Likes
Idk, the only way I was doing it was on a Private repl in a JSON file.
1 Like
Try Firestore. I use it for my storing of username and passwords.
1 Like
You should probably use a library to do it; those library developers have spent a significant amount of time on getting it right, regarding password hashing. For instance, passlib.
When you want to log someone in you use yet another library that helps you manage sessions, like flask_login. You can roll your own but I recommend using existing libraries.
4 Likes
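The login check described in the replies above (look up the user's stored salt, hash the attempt with it, compare the hashes), as an added example that is not part of the original thread. It uses Python's standard-library `hashlib.scrypt` as a stand-in for bcrypt or passlib so it runs without third-party packages; the `USERS` dict, the function names and the cost parameters are assumptions made for this example.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

# Stand-in for a real database table: username -> {"salt", "hash"} (hex strings).
USERS = {}


def _hash(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte hash from the password and the given salt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


# Dummy record so an unknown username costs the same work as a known one.
_DUMMY_SALT = os.urandom(16)
_DUMMY = {"salt": _DUMMY_SALT.hex(), "hash": _hash("dummy", _DUMMY_SALT).hex()}


def sign_up(username: str, password: str) -> bool:
    """Store a fresh random salt and the salted hash; never the password."""
    if username in USERS:
        return False
    salt = os.urandom(16)  # new salt for every user
    USERS[username] = {"salt": salt.hex(), "hash": _hash(password, salt).hex()}
    return True


def sign_in(username: str, password: str) -> bool:
    """Re-hash the attempt with the user's stored salt and compare."""
    record = USERS.get(username)
    known = record is not None
    if not known:
        record = _DUMMY
    attempt = _hash(password, bytes.fromhex(record["salt"]))
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(attempt, bytes.fromhex(record["hash"]))
    return matches and known
```

The salt is not secret, so it is stored next to the hash; libraries such as bcrypt and passlib pack the salt and cost parameters into the single hash string they return, which is why you only store one value with them.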