Wednesday, May 30, 2012

Re: How to generate secure passwords

On Wed, May 30, 2012 at 8:17 AM, Jani Tiainen <redetin@gmail.com> wrote:
> 30.5.2012 9:03, Emily Namugaanyi kirjoitti:
>
>> Hi Django users,
>>
>> I am working on a project that as to generate secure passwords
>> (passwords that cannot be hacked) every time a user register and the
>> password lasts for a period of time. S,here I am wondering whether
>> django has a provision for this or I need to find another way...
>> Thank you for your time....
>>
>> Emily.
>>
>
> Sounds like your problem is not about generatic "secure passwords". But
> instead you need to build secure authorization behind that.
>
> So you have to build a system that checks is given username + password to
> protected content combination already expired. If that's the case, no access
> is granted to protected content.
>
> Then password wouldn't contain any information about it's validity. Only
> validity checks happens on your side of system - in your code, on your
> server.
>
> --
> Jani Tiainen
>
> - Well planned is half done and a half done has been sufficient before...

django.contrib.auth.models.User has support for being tied to a
"profile" model of your design. You can include an expiration date
field (or several, if the user separately pays for different areas of
the site) in this model. While you might allow the user to edit other
fields in his profile, you do not permit him to change these fields.
Instead they are set by you payment system. The user then identifies
himself with a standard django username and passowrd, and the
controlled page views check the (appropriate to the section)
expiration date. This seems better to me than changing the password
at renewal.

Bill

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

No comments:

Post a Comment