Storing credentials in the DB

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Storing credentials in the DB

Lance Haig-2
Hi,

I want to allow users to add credentials to th site that allow us to
pull details ffrom anothr site into our environment.

This will mean that their credentials will need to be useable by a
regular process that will fetch the data but it is stored securely.

I was thinking about using the same storage mechanisim for the passwords
that django offers but I am not sure how one would then allow a process
in the application to use those credentials to aces the otehr site.

Does anyone have a suggestion on how to accomplish this?

Regards

Lance


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/cfb1d467-67d3-bdcd-01f1-33458aabc69d%40gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Storing credentials in the DB

Sundararajan Seshadri
If I understand is right, user stores the credentials in a database, say A and another application, probably using a different database B wants to use the credentials from A. 

Right?

There is no problem at all, except you need to:

(a) write your own hook for validating the password in the application using the database B, but will access the credentials in A. Either you can define A in django itself or through plain Python itself, you can access it.

(b) Note that the password will be (and should be) stored encrypted and 'normally' you will be in no position to 'decode' the original password. Whatever password is entered while using the application will be subject to same encryption and the result will be compared with what is in the database for allowing the login. Hopefully this mechanism is still OK for you.

Cheers.

=================================================

On Sunday, August 11, 2019 at 7:01:26 PM UTC+5:30, Lance Haig wrote:
Hi,

I want to allow users to add credentials to th site that allow us to
pull details ffrom anothr site into our environment.

This will mean that their credentials will need to be useable by a
regular process that will fetch the data but it is stored securely.

I was thinking about using the same storage mechanisim for the passwords
that django offers but I am not sure how one would then allow a process
in the application to use those credentials to aces the otehr site.

Does anyone have a suggestion on how to accomplish this?

Regards

Lance


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/6c1ab523-b622-44b6-9e65-d2731ed05df1%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: Storing credentials in the DB

Jani Tiainen
Unfortunately storing password in db has a fundamental flaw. To be able to use to access any remote source it has to be in usable form. Wether digested or plain text form it doesn't matter since at the moment you use it to login other resource it is in plain format (whatever format that is).


ma 12. elok. 2019 klo 16.24 Sundararajan Seshadri <[hidden email]> kirjoitti:
If I understand is right, user stores the credentials in a database, say A and another application, probably using a different database B wants to use the credentials from A. 

Right?

There is no problem at all, except you need to:

(a) write your own hook for validating the password in the application using the database B, but will access the credentials in A. Either you can define A in django itself or through plain Python itself, you can access it.

(b) Note that the password will be (and should be) stored encrypted and 'normally' you will be in no position to 'decode' the original password. Whatever password is entered while using the application will be subject to same encryption and the result will be compared with what is in the database for allowing the login. Hopefully this mechanism is still OK for you.

Cheers.

=================================================

On Sunday, August 11, 2019 at 7:01:26 PM UTC+5:30, Lance Haig wrote:
Hi,

I want to allow users to add credentials to th site that allow us to
pull details ffrom anothr site into our environment.

This will mean that their credentials will need to be useable by a
regular process that will fetch the data but it is stored securely.

I was thinking about using the same storage mechanisim for the passwords
that django offers but I am not sure how one would then allow a process
in the application to use those credentials to aces the otehr site.

Does anyone have a suggestion on how to accomplish this?

Regards

Lance


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/6c1ab523-b622-44b6-9e65-d2731ed05df1%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHn91odcosmCvpPqj%3DCiC8LDjs5yhfivejpZnMOC1PnW%2BCAKTw%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Storing credentials in the DB

Lance Haig-2
In reply to this post by Sundararajan Seshadri

Thanks for the response,

Thanks for the tips I will investigate this.


Regards

Lance


On 12.08.19 15:23, Sundararajan Seshadri wrote:
If I understand is right, user stores the credentials in a database, say A and another application, probably using a different database B wants to use the credentials from A. 

Right?

There is no problem at all, except you need to:

(a) write your own hook for validating the password in the application using the database B, but will access the credentials in A. Either you can define A in django itself or through plain Python itself, you can access it.

(b) Note that the password will be (and should be) stored encrypted and 'normally' you will be in no position to 'decode' the original password. Whatever password is entered while using the application will be subject to same encryption and the result will be compared with what is in the database for allowing the login. Hopefully this mechanism is still OK for you.

Cheers.

=================================================

On Sunday, August 11, 2019 at 7:01:26 PM UTC+5:30, Lance Haig wrote:
Hi,

I want to allow users to add credentials to th site that allow us to
pull details ffrom anothr site into our environment.

This will mean that their credentials will need to be useable by a
regular process that will fetch the data but it is stored securely.

I was thinking about using the same storage mechanisim for the passwords
that django offers but I am not sure how one would then allow a process
in the application to use those credentials to aces the otehr site.

Does anyone have a suggestion on how to accomplish this?

Regards

Lance


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/6c1ab523-b622-44b6-9e65-d2731ed05df1%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/8721c386-85b7-2134-fd67-ee87b7264f4b%40gmail.com.