On Tue, 23 Sep 2003 09:28:49 -0400, Peter Hansen wrote:

Riccardo Attilio Galli wrote:
what about if I would reload an entered password?
I wrote an e-mail client, and I haven't found a way to store the password
that an user enter the first time and use it when the program is restarted.
I don't want to ask to the user every time the account password, but also
I don't want to store it as plain text.
Do you know what is the usual practice in these cases?
In a nutshell, this is the point: you never use the plaintext form of
the password. As soon as it is entered, you convert it to a hash. You
store the hash, and if a user later enters a password and you need to
check it, you convert *it* to a hash and compare the hashes. Never,
ever, store or compare plain text passwords. Does that help?

I think you have misunderstood me(mmm, I hope it sound polite enough in
english). An user should never enter the password again. I know how hashes
work, and they're useful when I can compare an entered password with an
hash value, but here I need that the user don't enter a password anymore
(after the first time).

The natural use of the program would be:
run the e-mail client for the first time
user enter his e-mail password
the client check for new mails
user close the client.

while 1:
user run the e-mail client
the client check for new mails WITHOUT ask for a password
user close the client

I hope I was clearer. I think Richard got the point, whit a "sad but true"


-=Riccardo Galli=-

s~ ``
~@. ideralis Programs
. ol
`**~ http://www.sideralis.net

Search Discussions

Discussion Posts


Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 7 of 15 | next ›
Discussion Overview
grouppython-list @
postedSep 22, '03 at 9:37p
activeOct 2, '03 at 5:13p



site design / logo © 2022 Grokbase