What is the best way to encrypt stored data in web2py?

Posted 2024-09-30 17:40:52 · 553 words · 5 views · 0 comments

I need to encrypt data stored in web2py, more precisely passwords.

This is not about authentication, but more something in the line of a KeePass-like application.

I've seen that is included in web2py, but and M2Secret could easily do that. With M2Secret I can use this:

import m2secret

# Encrypt
secret = m2secret.Secret()
secret.encrypt('my data', 'my master password')
serialized = secret.serialize()

# Decrypt
secret = m2secret.Secret()
secret.deserialize(serialized)
data = secret.decrypt('my master password')

But I would have to include the M2Crypto library in my appliance.

Is there a way to do this with PyMe which is already included with web2py?

避讳 2024-10-07 17:40:52

By default web2py stores passwords hashed using HMAC+SHA512 so there is nothing for you to do. It is better than the mechanism that you suggest because encryption is reversible while hashing is not. You can change this and do what you ask above but it would not be any more secure than using plaintext (since you would have to expose the encryption key in the app).

Anyway. Let's say you have a

db.define_table('mytable', Field('myfield', 'password'))

and you want to use m2secret. You would do:

import m2secret

class MyValidator:
    def __init__(self, key):
        self.key = key

    def __call__(self, value):
        # Called on write: encrypt before storing. Validators return (value, error).
        secret = m2secret.Secret()
        secret.encrypt(value, self.key)
        return (secret.serialize(), None)

    def formatter(self, value):
        # Called on read: decrypt the stored value and return it for display.
        secret = m2secret.Secret()
        secret.deserialize(value)
        return secret.decrypt(self.key)

db.mytable.myfield.requires = MyValidator("master password")

In web2py validators are also two way filters.
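
An added example (not from the answer above and not web2py's own code) that keeps the two-way validator shape but addresses the key-exposure caveat: the key is derived from a master password supplied at run time instead of being hardcoded in the app. It assumes the third-party `cryptography` package; `EncryptedField`, `derive_key`, the `salt$token` storage format and the iteration count are choices made for this example.

```python
# Added example, not from the page. Requires the third-party "cryptography" package.
# EncryptedField and the "salt$token" storage format are hypothetical choices.
import base64
import os

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

PBKDF2_ITERATIONS = 600_000  # assumption: tune to what your server can afford


def derive_key(master_password, salt):
    """Stretch the master password into a 32-byte key, encoded the way Fernet expects."""
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt,
                     iterations=PBKDF2_ITERATIONS)
    return base64.urlsafe_b64encode(kdf.derive(master_password.encode("utf-8")))


class EncryptedField:
    """Two-way validator: __call__ encrypts on write, formatter decrypts on read."""

    def __init__(self, master_password):
        # Assumption: typed by the user when unlocking the vault and kept only in
        # memory for the request, never written to the app's source or database.
        self.master_password = master_password

    def __call__(self, value):
        salt = os.urandom(16)  # fresh salt per stored value
        key = derive_key(self.master_password, salt)
        token = Fernet(key).encrypt(value.encode("utf-8"))  # AES-CBC + HMAC-SHA256
        stored = base64.urlsafe_b64encode(salt).decode("ascii") + "$" + token.decode("ascii")
        return (stored, None)  # (value, error), as validators return

    def formatter(self, value):
        try:
            salt_b64, token = value.split("$", 1)
            key = derive_key(self.master_password, base64.urlsafe_b64decode(salt_b64))
            return Fernet(key).decrypt(token.encode("ascii")).decode("utf-8")
        except (InvalidToken, ValueError):
            # Wrong master password, tampered ciphertext or malformed record.
            return None
```

With this shape a copy of the database and the application source together still do not yield the stored secrets; recovering them requires the master password.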
