On Feb 24, 2009, at 3:49 AM, LaundroMat wrote:

>
> Hi -
>
> I'm working on a small django app that allows users to interact with
> other websites where they have an account. Of course, using this app
> means providing your username and password for the other website.
>
> What are the most secure ways of handling this information? I suppose
> encrypting the passwords is one option, but are there any ways to
> prevent people who have access to the app's source code and database
> from retrieving users' names and passwords?



If your app servers have access to the password decryption keys, then  
anyone with access to the app server also has access to the password  
decryption keys.

The simplest solution is to use SSL to secure the traffic between the  
browser and the app server and some custom model methods to  
symmetrically (AES, twofish, or blowfish) encrypt and decrypt the data  
going into and out of the database.  That would protect you against  
sniffing and a database compromise, but not an app server compromise.

A more secure way to mitigate the risk would be to split up  
functions, so public Internet facing app servers do not perform  
decryption functions or work with plaintext passwords.  In that  
scenario, you could use an asymmetric key (ideally one per user or  
encrypted password) at the browser to encrypt the passwords.  Secured  
backend servers would perform the asymmetric decryption and plaintext  
password handling functions.  You still have problems if the backend  
servers are compromised, but they would be much easier to lock down  
and audit.

--
Eric Chamberlain, Founder
RF.com - http://RF.com/
