Geek Answers Handbook

How to get django password

How to get user password?

u = User.objects.get(username__exact=username) print u.password

displays sha1$f0971$441cac8f604d49869e33ca125a76253a02fef64e

Is there a function to find the password from this encoded string?

+15
django
source share
5 answers

Not. This is not possible by design. But in any case, there should never be a need to do this.

+25
source share

Due to security restrictions, a password hash method is one way. You will need to reset the password for users.

Try using the set_password(raw_password) method to give the user a new password. Remember to call the save() method to save the changes to the database.

 u = User.objects.get(username__exact=username) u.set_password(raw_password) u.save()
+8
source share

not. and should not be. as part of security, passwords are passed through a one-way function until they are saved, so that they do not take pleasure if the database is compromised.

what you can do is replace the user password with the one you know. this is how the (good) forgotten password site works: they send you a new random password, not your old one, as they (shouldn't) have access to it

+3
source share

No, the field contains a salted password hash. from the string we know its function SHA1. If you have a password, you can create the same hash value that will act as a trace. For security reasons, there should now be a way to recover the password in an economical way (you can still use brute force, but it will take a lot of time).

+3
source share

You can verify that the password is correct with:

u.check_password("your password")

This method and u.set_password("you password") solve all your problems.

sha1$f0971$441cac8f604d49869e33ca125a76253a02fef64e this:

hash function $ sol $ hash code

0
source share

More articles:


All Articles