coto / gae-boilerplate

Google App Engine Boilerplate
https://dev-dot-sandengine.appspot.com/

Is hashing needed in RegisterHandler? #314

Closed michaelkariv closed 8 years ago

michaelkariv commented 8 years ago
```python
class RegisterHandler(BaseHandler):
    # ...
    def post(self):
        # ...
        # Password to SHA512
        password = utils.hashing(password, self.app.config.get('salt'))
        # ...
        user = self.auth.store.user_model.create_user(
            auth_id, unique_properties, password_raw=password,
            username=username, name=name, last_name=last_name, email=email,
            ip=self.request.remote_addr, country=country, tz=tz
        )
```

Why do we need to hash the password (using utils.hashing) if it is getting hashed again by webapp2_extras.appengine.auth.models.User.create_user?

coto commented 8 years ago

Managing your own hashing algorithm allows you to add another level of security. A security algorithm can always fail.
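The two layers discussed in this thread, as an added sketch that is not gae-boilerplate or webapp2 code: `pre_hash` stands in for `utils.hashing` (whose body is not shown on this page) and `store_hash`/`check_hash` stand in for the hashing done inside `create_user`. All function names, the HMAC and PBKDF2 choices, the iteration count and the secret value are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

APP_SALT = b"constructed-app-wide-secret"  # stands in for config 'salt' (constructed value)
ITERATIONS = 100_000                       # assumed work factor for this sketch


def pre_hash(password, app_salt=APP_SALT):
    """Layer 1: SHA-512 keyed with one application-wide secret."""
    mac = hmac.new(app_salt, password.encode("utf-8"), hashlib.sha512)
    return mac.hexdigest().encode("ascii")


def store_hash(material):
    """Layer 2: per-user random salt plus a slow KDF; returns the stored record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def check_hash(material, stored):
    """Recompute layer 2 with the stored salt and compare in constant time."""
    _, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", material, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def register(password, app_salt=APP_SALT):
    # What reaches the user store is the layer-1 digest, never the raw password.
    return store_hash(pre_hash(password, app_salt))


def login(password, stored, app_salt=APP_SALT):
    # The login path has to repeat layer 1 with the same application secret.
    return check_hash(pre_hash(password, app_salt), stored)


if __name__ == "__main__":
    record = register("correct horse")
    print("same password, same app salt :", login("correct horse", record))
    print("wrong password               :", login("wrong horse", record))
    print("layer 1 skipped at login     :",
          check_hash(b"correct horse", record))
    print("app salt changed             :",
          login("correct horse", record, app_salt=b"rotated-secret"))
```

With this layering, every stored record depends on the application-wide value, so changing it invalidates all existing passwords unless users re-register or reset.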