Resolve "Fix backend user account with bcrypt"
name: Feature
about: New features or wider changes
Closes #33
Description
To be done after the merge of !10 (merged), which adds sqlite3.
This MR adds password hashing (not encryption) in the database, adding an essential security practice. Plaintext passwords are neither stored nor displayed.
References
- A quick intro to bcrypt: http://zetcode.com/python/bcrypt/
Changelog
- Added password hashing in database
How to test
- Generate a salt as explained in the documentation and export it as an environment variable.
- Make sure there is no db in the resources folder.
- Create the initial db with `python3 init_db.py`. This takes a while; I may have put too many rounds in the salt.
- Start the backend and frontend (`python3 wsgi.py` and `ng serve`).
- Connect using the default account superdsi/superdsi and check that you are connected.
Misc
More could be done to improve the design and flexibility of password updates, hashing, security, etc. A good reference could be: https://variable-scope.com/posts/storing-and-verifying-passwords-with-sqlalchemy
Edited by RAVERDY Pierre-Guillaume