Possibility to change password encryption #143
Comments
You should not have to do anything beyond changing the setting. The next time the user successfully logs in, their password will be updated to the new hash type. This is done in the verify_and_update_password function.
It is not working though, I've tried changing
The problem is that flask-security does not store encrypted passwords into the database. Pull request coming in the next few minutes.
… a better one and (optionally) automatically re-hash passwords as users log in. Follow up of pallets-eco#65 Fix pallets-eco#143
Tested flask-security today and I was a little bit confused when I took a look at the database and saw passwords not encrypted. After applying your patch everything works as suggested. Thank you! ;)
It all depends on how you add users to your database. If you have set
The problem is if you change your
On 11/17/2013 08:59 PM, Matt Wright wrote:
Yes - looks like I stumbled over this behavior. I've just followed the Later I looked at the code and saw that this call will do only things From my point of view this behavior is unexpected. I think the At least (IMHO) you should think about pointing out this behavior Anyway - thank you for flask-security and keep up your good work. ;)
@KangOl the patch is working on 1.7.0
@KangOl revisiting this, are you still concerned? Or have you moved on?
Hi guys, I was wondering if there is a way to use SHA1 encryption. I know it's not good, but one of my client's existing user passwords is based on SHA1 and I am redeveloping the application, but they want full compatibility. Thanks
FWIW, I've fixed and tested this in the pytest branch
@bdemirtas SHA1 is not supported, sorry.
@mattupstate that's really sad. Django has a PasswordHasher class, that can be overwritten by the developer, so it brings more flexibility.
Also pbkdf2_sha1 is a default in werkzeug (https://github.com/mitsuhiko/werkzeug/blob/master/werkzeug/security.py#L204), so a lot of projects that have not been built from scratch can meet this problem
@mattupstate I am wondering why encryption is not built in with create_user.
Explanation in #136 satisfies my curiosity. Though it would be nice to include this fact in the documentation. @mattupstate
Remove script.py Remove old sqlalchemy workaround. closes: pallets-eco#143
Hello!
I've made the horrible mistake of not setting SECURITY_PASSWORD_HASH to something other than plain text and was hoping there was a way to either change all the passwords to a hashed format on the fly? It would be pretty cool in the future if there was a method for this kind of stuff :)
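The re-hash-on-login behaviour described in this thread, together with a one-off pass over rows still stored in plaintext, as an added example that is not Flask-Security's own code: it uses standard-library PBKDF2 rather than passlib, and the storage format, function names, iteration count and the `users` dict standing in for a database are assumptions of the example.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"   # format tag invented for this example
ITERATIONS = 200_000       # example work factor (assumption); tune for your hardware

def hash_password(password, iterations=ITERATIONS):
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    enc = lambda raw: base64.b64encode(raw).decode()
    return f"{SCHEME}${iterations}${enc(salt)}${enc(dk)}"

def parse(stored):
    """Return (iterations, salt, digest), or None for a legacy plaintext value."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return None
    try:
        return int(parts[1]), base64.b64decode(parts[2]), base64.b64decode(parts[3])
    except ValueError:  # malformed fields: treat the value as legacy
        return None

def needs_update(stored):
    parsed = parse(stored)
    return parsed is None or parsed[0] < ITERATIONS

def verify_and_update(password, stored):
    """Check a login; return (ok, new_hash), new_hash set when a re-hash is due."""
    parsed = parse(stored)
    if parsed is None:  # legacy plaintext row
        ok = hmac.compare_digest(password.encode(), stored.encode())
    else:
        iterations, salt, digest = parsed
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
        ok = hmac.compare_digest(dk, digest)
    if ok and needs_update(stored):
        return True, hash_password(password)  # caller must persist this value
    return ok, None

def migrate_plaintext(users):
    """Hash every row still stored in plaintext without waiting for a login."""
    migrated = 0
    for name, stored in list(users.items()):
        if parse(stored) is None:
            users[name] = hash_password(stored)
            migrated += 1
    return migrated
```

The bulk pass is only possible for plaintext rows, because the original password is still available; rows hashed with an older setting can only be upgraded at the next successful login.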