Something else is causing the problem. If you do: row = db(db.auth_user.id == uid).select(db.auth_user.password)
row.password is the hashed user password. The password is treated in a spacial way in forms (not at db level) to prevent forms from accidentally even retuning a password from server to client. There is no per-user salt (I have a patch pending that will add that). we use HMAC+SHA512 to hash passwords. On Oct 8, 8:52 am, haggis <[email protected]> wrote: > I'm trying to fetch the password field in a simple query like this: > > row = db(db.auth_user.id == uid).select(db.auth_user.password) > eturn row > > This is returned: > auth_user.password > auth_user.password <generator object <genexpr> at 0xa313a2c> > > What's so special with the password field that I can query every field > but password? How would you query the salted hash of an user? > > Thanks in advance, > haggis
