On Thu, Sep 19, 2013 at 12:49 PM, Sivaram R <sivaram2...@gmail.com> wrote:
> Karkar, > > I am not getting your point.I am using django default user model,my > requirement is,after the user successfully login,their is a page called > update user profile,their i am showing first name,last name,email are in > update mode but password is showing the hashed value and not the original > value entered.How to decrypt that hashed value to original value. > > You don't. Ever. That's the whole point of a hashed password. You don't store the password - you store a one way hash of the password. Any authentication system that allows you to retrieve the original password is, by very definition, broken. Any website using such a authentication system is waiting to be exploited. And we have *plenty* of examples of sites that have been broken in this way. Django's user authentication system uses a one way hashing function (PBKDF2 by default, but other options exist). You *cannot* retrieve the original password from the hash. This is a *deliberate* feature, and *will not* be changed. Yours, Russ Magee %-) -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. For more options, visit https://groups.google.com/groups/opt_out.
