muesli-hd / muesli

Mathematisches Übungsgruppen- und Scheinlisten-Interface
GNU General Public License v3.0

Store passwords securely #55

Open christian-heusel opened 5 years ago

christian-heusel commented 5 years ago

At the moment, all the passwords are stored as a hexdump of the sha1sum of the originally inserted password.

According to this, this is a common bad practice, because once a hacker gains access to the database it is way easier to crack the gained hashes.

An example method is defined in https://github.com/muesli-hd/muesli/blob/146e8e9d9f25422239f78fb5ea490e74670f0126/muesli/web/viewsUser.py#L44-L54 and should use the Python module bcrypt as an alternative.

TuringTux commented 4 years ago

Is it correct that this would imply not only refactoring the code, but also rewriting the password column in the database using some kind of migration script?