Closed HomiGrotas closed 2 years ago
You don't need any support from this library to do that. Just store the hashed password in your database, and then in your verify callback use your password hashing comparison function to check if the password is correct.
But HTTPDigestAuth doesn't use verify_password but get_password... Maybe I missed something? As I understood, the user response is sent hashed to the server, isn't it?
I don't use digest auth. It's been many years since this code was written, and you are correct, it never got a "verify" style callback.
The hashing option for digest is to store the "HA1" value of the password instead of the password itself (when you set the use_ha1_pw=True option). But this is an MD5 hash, so it is not a strong hash.
Another option you may consider is to encrypt your password in your database instead of hashing it.
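The HA1 storage described in the reply above, as an added example that is not part of the thread or of the library's own code: it shows how a server can check a digest response from a stored HA1 without ever holding the plaintext password. The function names are hypothetical, and the sample values are the worked example from RFC 2617 section 3.5.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def make_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password). Stored in place of the password."""
    return md5_hex(f"{username}:{realm}:{password}")


def expected_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_digest(stored_ha1, method, uri, nonce, nc, cnonce, response):
    """Server-side check that needs only the stored HA1, not the password."""
    want = expected_response(stored_ha1, method, uri, nonce, nc, cnonce)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(want, response)


# Sample request parameters taken from the RFC 2617 section 3.5 example.
REQ = dict(method="GET", uri="/dir/index.html",
           nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
           nc="00000001", cnonce="0a4f113b")


def demo():
    # Registration time: derive HA1 once and store only that value.
    stored = make_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    # Client side: the browser derives the same HA1 from the typed password.
    good = expected_response(
        make_ha1("Mufasa", "testrealm@host.com", "Circle Of Life"), **REQ)
    bad = expected_response(
        make_ha1("Mufasa", "testrealm@host.com", "wrong password"), **REQ)
    return (verify_digest(stored, response=good, **REQ),
            verify_digest(stored, response=bad, **REQ))


if __name__ == "__main__":
    print(demo())
```

Because the response is computed from HA1 alone, a leaked HA1 is enough to authenticate to that realm, so the stored value needs the same protection as a password. It is also a single unsalted MD5, which is why the reply calls it not a strong hash.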
Ok, thanks a lot!
Hi, is there an option in the HTTPDigestAuth model to NOT save passwords in plain text? I couldn't find a function that I could implement in order to compare the given password hash to the password in DB...