General Password questions

Riccardo Attilio Galli riquito at riquito.matrix
Tue Sep 23 18:02:37 CEST 2003


On Tue, 23 Sep 2003 09:28:49 -0400, Peter Hansen wrote:

> Riccardo Attilio Galli wrote:
>> 
>> what about if I would reload an entered password?
>> I wrote an e-mail client, and I haven't found a way to store the password
>> that an user enter the first time and use it when the program is restarted.
>> I don't want to ask to the user every time the account password, but also
>> I don't want to store it as plain text.
>> Do you know what is the usual practice in these cases?
> 
> [...]
> In a nutshell, this is the point: you never use the plaintext form of
> the password.  As soon as it is entered, you convert it to a hash.  You
> store the hash, and if a user later enters a password and you need to
> check it, you convert *it* to a hash and compare the hashes.  Never, 
> ever, store or compare plain text passwords.  Does that help?
> 
> -Peter

I think you have misunderstood me(mmm, I hope it sound polite enough in
english). An user should never enter the password again. I know how hashes
work, and they're useful when I can compare an entered password with an
hash value, but here I need that the user don't enter a password anymore
(after the first time).

The natural use of the program would be:
run the e-mail client for the first time
user enter his e-mail password
the client check for new mails
user close the client.

while 1:
  user run the e-mail client
  the client check for new mails WITHOUT ask for a password
  user close the client

I hope I was clearer. I think Richard got the point, whit a "sad but true"
answer.

Ciao,
Riccardo


-- 
-=Riccardo Galli=-

 _,e.
s~  ``
 ~@.   ideralis Programs
.   ol 
 `**~  http://www.sideralis.net




More information about the Python-list mailing list