Yesterday, I posted about storing passwords in MongoDb. Thanks to some feedback on G+, I changed the hashing from hashlib to bcrypt. SHA and MD5 are apparently not as secure.

Also, when I switched to bcrypt, I found an issue with my get_credentials() function. When it gets data back from MongoDb, it gets the entire array, even though I specified username. It just so happens, when I was testing with the previous version, I was using the same test password and it was hashed the same way. Bcrypt hashes the password different each time it’s called, so when I switched, the passwords were never matching up.

Here’s the updated code:

 

Author
profilepicJason Vanzin is the CEO at Vanzin Consulting Corp. He has over 15 years of IT experience and lives in Pittsburgh, PA. He blogs on topics related to Business Continuity, Python programming, and technology in general.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: