Note, you might also consider using web2py as a CAS provider <http://web2py.com/books/default/chapter/29/09/access-control#Central-Authentication-Service> from your other apps, letting web2py handle all the authentication logic.
On Friday, May 18, 2018 at 3:05:33 PM UTC-4, Anthony wrote:
>
> Here is the code that compares a plain text password to the stored hashed
> password:
> https://github.com/web2py/web2py/blob/4ed36cfb1fe960d5c818c53562d920d407e991ae/gluon/validators.py#L2919-L2922
>
> The salt and the digest algorithm name and parameters are stored in a
> string combined with the hash. The above linked code extracts the salt,
> digest algorithm, and hash stored in the database. It then uses the salt
> and digest algorithm info to hash the plain text password in order to
> determine if it is the same as the stored hash.
>
> To hash the password, it calls simple_hash
> <https://github.com/web2py/web2py/blob/4ed36cfb1fe960d5c818c53562d920d407e991ae/gluon/utils.py#L116>
> in gluon.utils. You can review that code to figure out how the hashing is
> done.
>
> As seen here
> <https://github.com/web2py/web2py/blob/4ed36cfb1fe960d5c818c53562d920d407e991ae/gluon/validators.py#L3017>,
> the default digest algorithm used by CRYPT (and ultimately passed to
> simple_hash) is pbkdf2(1000,20,sha512), so unless you have changed the
> default, that is what you should use.
>
> You'll have to figure out how to replicate the hashing process in whatever
> language you are using, though the algorithms are standard, so hopefully
> that will be fairly straightforward.
>
> Anthony
>
> On Friday, May 18, 2018 at 11:34:24 AM UTC-4, 黄祥 wrote:
>>
>> *objective:*
>> use a database that was built using web2py in another app, like php slim
>> framework, express js or restify, since those frameworks didn't need to
>> define the models database.
>>
>> *problem:*
>> don't know how to use the auth_user table for login in another app,
>> because it is not clear how the password field is stored in the database table
>>
>> *learn from the book:*
>> By default, CRYPT uses 1000 iterations of the pbkdf2 algorithm combined
>> with SHA512 to produce a 20-byte-long hash.
>>
>> *ref:*
>> http://web2py.com/books/default/chapter/29/07/forms-and-validators
>>
>> *question:*
>> what is the crypt module used by web2py to encrypt the password field,
>> because the book said 1000 iterations of the pbkdf2 algorithm combined with
>> SHA512 to produce a 20-byte-long hash, not sure I understand the meaning?
>>
>> thanks and best regards,
>> stifan
>>
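
An added example, not part of the thread and not web2py's own code: checking a stored CRYPT value from Node.js, the kind of app the question mentions. It covers only the pbkdf2 form described above and assumes the stored string is laid out as `digest_alg$salt$hexhash` with the salt used as literal text; `parseStored`, `verifyPassword` and `makeStored` are hypothetical names.

```javascript
// Added example: verify a web2py CRYPT-style password string in Node.js.
const crypto = require('node:crypto');

// Assumed stored layout: "<digest_alg>$<salt>$<hex hash>", for example
// "pbkdf2(1000,20,sha512)$<salt>$<40 hex chars>". Confirm against your own rows.
const ALG_RE = /^pbkdf2\((\d+),(\d+),([a-z0-9]+)\)$/;
const ALLOWED_DIGESTS = new Set(['sha1', 'sha256', 'sha384', 'sha512']);

function parseStored(stored) {
  if (typeof stored !== 'string') return null;
  const parts = stored.split('$');
  if (parts.length !== 3) return null; // other (non-pbkdf2) forms are not handled
  const m = ALG_RE.exec(parts[0]);
  if (!m || !ALLOWED_DIGESTS.has(m[3])) return null;
  const iterations = Number(m[1]);
  const keylen = Number(m[2]);
  // Bound the parameters so a corrupted row cannot request an absurd amount of work.
  if (iterations < 1 || iterations > 1e7 || keylen < 1 || keylen > 64) return null;
  if (!/^[0-9a-f]+$/i.test(parts[2]) || parts[2].length !== keylen * 2) return null;
  return { iterations, keylen, digest: m[3], salt: parts[1], hash: parts[2] };
}

function verifyPassword(plain, stored) {
  const p = parseStored(stored);
  if (!p || typeof plain !== 'string') return false;
  // Assumption: the salt is fed to PBKDF2 as its text bytes, not hex-decoded.
  const derived = crypto.pbkdf2Sync(plain, p.salt, p.iterations, p.keylen, p.digest);
  const expected = Buffer.from(p.hash, 'hex');
  // Constant-time comparison; lengths are checked first because
  // timingSafeEqual throws on buffers of different size.
  return expected.length === derived.length && crypto.timingSafeEqual(derived, expected);
}

// Hypothetical helper, used here only to construct a sample value offline.
function makeStored(plain, salt, alg = 'pbkdf2(1000,20,sha512)') {
  const [, it, len, digest] = ALG_RE.exec(alg);
  const hex = crypto.pbkdf2Sync(plain, salt, Number(it), Number(len), digest).toString('hex');
  return `${alg}$${salt}$${hex}`;
}

// Constructed sample, not a real auth_user row.
const sample = makeStored('correct horse', '0123456789abcdef');
console.log(sample);
console.log(verifyPassword('correct horse', sample), verifyPassword('wrong', sample));
```

Reading the parameters from each stored string, rather than hard-coding 1000 iterations and 20 bytes, keeps the check working for rows written after the default is changed.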