date:20200522

[web2py] Credential (email) encryption

2020-05-22 Thread Val K

Try to use SQLCustomType instead of filter_in/out

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/259de7e7-a8ea-4119-8837-e2ef9940939a%40googlegroups.com.

Re: [web2py] web2py hosting

2020-05-22 Thread Carlos Cesar Caballero

Some time ago I found Contabo, an is working quite well for my needs.

Greetings.

El vie., 22 de mayo de 2020 3:45 a. m., António Ramos 
escribió:

> I´m a webfaction long time user and from another post here i got worried
> about the godaddy acquisition.Eventually webfaction may die in a short term
> period.
>
> Can you recommend a good alternative?
> Can you share your experience?
>
> Opalstack
> pythonanywhere
>
> others ?
>
> regards
> António
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/web2py/CAEM0BxO8zjne3vQeuPJ_06vWuWFuwmVyAOgASRAH0hxx8UK9mQ%40mail.gmail.com
> 
> .
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/CAKHqNp4xy%2ByJJBCu2N9O%2Bjia1U-W60p_a3BkRJybUe%2B2V%2BETaA%40mail.gmail.com.

[web2py] Re: web2py hosting

2020-05-22 Thread Jim S

I'm a former webfaction user and switched to pythonanywhere a few years 
ago.  No regrets.

-Jim

On Friday, May 22, 2020 at 2:45:12 AM UTC-5, Ramos wrote:
>
> I´m a webfaction long time user and from another post here i got worried 
> about the godaddy acquisition.Eventually webfaction may die in a short term 
> period.
>
> Can you recommend a good alternative? 
> Can you share your experience?
>
> Opalstack
> pythonanywhere
>
> others ?
>
> regards
> António
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/3b3bd446-4431-4bc1-b9ed-695ba4f8eee6%40googlegroups.com.

Re: [web2py] Re: Credential (email) encryption

2020-05-22 Thread Kevin Keller

It shouldn't be hard to use hashes for usernames too, but there may be
complications later when it comes to storing user sessions and needing user
information in your session etc.

I think iy would br easier if you just encrypt the whole database and make
web2py read the encrypted data transparently.

You would need to check your database features and configuration for that
and also configure web2py to use the database key when connecting etc.



On Fri, 22 May 2020, 12:57 Kevin Keller,  wrote:

> Without having checked the code, i am pretty sure that the builtin Auth
> Modul of Web2py expects a plaintext email in the username field when
> checking the credentials.
>
> I suppose now it fails as the encrypted email value does simply not match
> the plaintext one.
>
> You would need to modify the Auth module to encrypt the plain text email
> after submitting and then also checking against an encrypted value. During
> user registration you would also need to insure user name encryption.
>
> This is in fact pretty much how passwords are stored, with a hash, so inr
> way encryption and only the hashes are compared.
>
>
>
> On Fri, 22 May 2020, 12:15 Michele Serra,  wrote:
>
>> Please answer!
>>
>> Il giorno martedì 21 aprile 2020 15:16:38 UTC+2, Michele Serra ha scritto:
>>>
>>> Anyone? please
>>>
>>> Il giorno venerdì 10 aprile 2020 12:38:02 UTC+2, Michele Serra ha
>>> scritto:

 Hi,
 I use the email as the login credential, I tried to encrypt the email
 with

 db.auth_user.email.filter_in = lambda value : secure_dumps(value,
 enc_key)
 db.auth_user.email.filter_out = lambda value : secure_loads(value,
 enc_key)

 and it works well, in the database I see the encrypted data while from
 the appadmin I see the decrypted data.

 But when I try to login it fails, with an "INVALID LOGIN"
 Have you ever tried?
 What am I doing wrong?

>>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/web2py/1f196a71-6224-4ee3-988b-d130bd19c53a%40googlegroups.com
>> 
>> .
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/CADHCKLRYFY27EroXpa9jq9p48y8W2TqUWe7jS-o_osMv6zYCtg%40mail.gmail.com.

Re: [web2py] Re: Credential (email) encryption

2020-05-22 Thread Kevin Keller

Without having checked the code, i am pretty sure that the builtin Auth
Modul of Web2py expects a plaintext email in the username field when
checking the credentials.

I suppose now it fails as the encrypted email value does simply not match
the plaintext one.

You would need to modify the Auth module to encrypt the plain text email
after submitting and then also checking against an encrypted value. During
user registration you would also need to insure user name encryption.

This is in fact pretty much how passwords are stored, with a hash, so inr
way encryption and only the hashes are compared.



On Fri, 22 May 2020, 12:15 Michele Serra,  wrote:

> Please answer!
>
> Il giorno martedì 21 aprile 2020 15:16:38 UTC+2, Michele Serra ha scritto:
>>
>> Anyone? please
>>
>> Il giorno venerdì 10 aprile 2020 12:38:02 UTC+2, Michele Serra ha scritto:
>>>
>>> Hi,
>>> I use the email as the login credential, I tried to encrypt the email
>>> with
>>>
>>> db.auth_user.email.filter_in = lambda value : secure_dumps(value,
>>> enc_key)
>>> db.auth_user.email.filter_out = lambda value : secure_loads(value,
>>> enc_key)
>>>
>>> and it works well, in the database I see the encrypted data while from
>>> the appadmin I see the decrypted data.
>>>
>>> But when I try to login it fails, with an "INVALID LOGIN"
>>> Have you ever tried?
>>> What am I doing wrong?
>>>
>> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/web2py/1f196a71-6224-4ee3-988b-d130bd19c53a%40googlegroups.com
> 
> .
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/CADHCKLQ6%3D%2BTng8%3DYjVrAvRroNp_p_Frh13PNZqp_7KpJP-7Eag%40mail.gmail.com.

[web2py] Re: Credential (email) encryption

2020-05-22 Thread Michele Serra

Please answer!

Il giorno martedì 21 aprile 2020 15:16:38 UTC+2, Michele Serra ha scritto:
>
> Anyone? please
>
> Il giorno venerdì 10 aprile 2020 12:38:02 UTC+2, Michele Serra ha scritto:
>>
>> Hi, 
>> I use the email as the login credential, I tried to encrypt the email with
>>
>> db.auth_user.email.filter_in = lambda value : secure_dumps(value, enc_key)
>> db.auth_user.email.filter_out = lambda value : secure_loads(value, 
>> enc_key)
>>
>> and it works well, in the database I see the encrypted data while from 
>> the appadmin I see the decrypted data.
>>
>> But when I try to login it fails, with an "INVALID LOGIN"
>> Have you ever tried?
>> What am I doing wrong?
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/1f196a71-6224-4ee3-988b-d130bd19c53a%40googlegroups.com.

[web2py] web2py hosting

2020-05-22 Thread António Ramos

I´m a webfaction long time user and from another post here i got worried
about the godaddy acquisition.Eventually webfaction may die in a short term
period.

Can you recommend a good alternative?
Can you share your experience?

Opalstack
pythonanywhere

others ?

regards
António

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/web2py/CAEM0BxO8zjne3vQeuPJ_06vWuWFuwmVyAOgASRAH0hxx8UK9mQ%40mail.gmail.com.

[web2py] Credential (email) encryption

Re: [web2py] web2py hosting

[web2py] Re: web2py hosting

Re: [web2py] Re: Credential (email) encryption

Re: [web2py] Re: Credential (email) encryption

[web2py] Re: Credential (email) encryption

[web2py] web2py hosting

7 matches

Site Navigation

Mail list logo

Footer information