-
Notifications
You must be signed in to change notification settings - Fork 1
SQLite3 Python
First used in the public key component to read RSA keys. SQLite3 was chosen because it's portable, and can be included with the software client as a lightweight embedded database.
After importing the sqlite3 and hashlib modules, we connect to the database:
conn = sqlite3.connect('hashBase.db')</br>
c = conn.cursor()
Instead of writing data to a variable or text file, a record is created and variables are written sequentially to it. The conn.commit() function makes the changes persistent:
c.execute("insert into Hashes values (?, ?)", (currentUser, currentPassword))</br>
conn.commit()</br>
print "Password added."
Finally the connection to the database is closed:
conn.close()
After running the program several times with different user names, the database should have multiple records when viewed again in the SQLite browser.
To pull a correct record and field from the database:
t = (currentUser,)
c.execute('SELECT Hash FROM Hashes WHERE Username=?', t)
To make this work properly, the program must check whether it’s pulled a record and fetch whichever value only if it has:
row = c.fetchone()
if row is None:
print "Account not found"
else:
fetchedHash = row[0]
Compared with the amount of code required for reading and writing plaintext passwords to SQLite, there’s only one variable and a couple of lines difference in Python, but this is a simplification as the underlying code for the hashlib and sqlite3 functions is either C or C++. If a developer truly wanted to create an application for doing this securely, probably half the code (for a relatively small program) would be for preventing SQL injection and bruteforce attacks, ensuring passwords meet certain criteria, and ensuring that a specific part of the code is the only entry point to whatever the login screen’s supposed to protect.