On Sun, Apr 5, 2009 at 6:12 AM, Joshua Partogi <[email protected]> wrote: > > > > On Apr 4, 11:49 pm, Masklinn <[email protected]> wrote: >> On 4 Apr 2009, at 15:38 , Joshua Partogi wrote: >> >> > Dear all, >> >> > I already take a look at the django.contrib.auth.models but could not >> > find any methods for decrypting the user password. >> >> > Sometimes we need to get the real text password to be sent to user. >> >> > What is the best way to do this? Anybody has got an idea? >> >> > Thank you very much in advance! >> >> Django's passwords are salted[1] and hashed[2]. You cannot[3] retrieve >> them, and that's exactly the intent (well the intent is not that *you* >> cannot retrieve them, it's that nobody else can). If you need to send >> users their passwords, you have to generate new (random) passwords and >> send them that. >> >> Masklinn > > Thanks for the explanation Masklinn. :-) > > I'll find another way to send user their password.
Don't. Ever. Do. This. You should _never_ store passwords in cleartext, and you should _never_ transmit passwords in cleartext. If you think I'm kidding, read up on what happened to Reddit. http://blog.moertel.com/articles/2006/12/15/never-store-passwords-in-a-database Yours, Russ Magee %-) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
