Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 6 of 6 for plaintext (0.4 sec)

  2. github.com/tiangolo/fastapi

    docs/en/docs/how-to/conditional-openapi.md 

    * Make sure you have well defined Pydantic models for your request bodies and responses.
* Configure any required permissions and roles using dependencies.
* Never store plaintext passwords, only password hashes.
* Implement and use well-known cryptographic tools, like Passlib and JWT tokens, etc.
* Add more granular permission controls with OAuth2 scopes where needed.
* ...etc.
    Plain Text
    - Registered: Sun Apr 28 07:19:10 GMT 2024
    - Last Modified: Sat Aug 19 19:54:04 GMT 2023
    - 2.3K bytes
    - Viewed (0)
  3. github.com/tiangolo/fastapi

    docs/en/docs/tutorial/security/oauth2-jwt.md 

    But you cannot convert from the gibberish back to the password.

### Why use password hashing

If your database is stolen, the thief won't have your users' plaintext passwords, only the hashes.

So, the thief won't be able to try to use that password in another system (as many users use the same password everywhere, this would be dangerous).

## Install `passlib`
    Plain Text
    - Registered: Sun Apr 28 07:19:10 GMT 2024
    - Last Modified: Thu Apr 18 19:53:19 GMT 2024
    - 13K bytes
    - Viewed (0)
  4. github.com/tiangolo/fastapi

    docs/en/docs/tutorial/extra-models.md 

    * The **input model** needs to be able to have a password.
* The **output model** should not have a password.
* The **database model** would probably need to have a hashed password.

!!! danger
    Never store user's plaintext passwords. Always store a "secure hash" that you can then verify.

    If you don't know, you will learn what a "password hash" is in the [security chapters](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.
    Plain Text
    - Registered: Sun Apr 28 07:19:10 GMT 2024
    - Last Modified: Thu Apr 18 19:53:19 GMT 2024
    - 7.7K bytes
    - Viewed (1)
  5. github.com/tiangolo/fastapi

    docs/en/docs/tutorial/response-model.md 

    ## Return the same input data

Here we are declaring a `UserIn` model, it will contain a plaintext password:

=== "Python 3.10+"

    ```Python hl_lines="7  9"
    {!> ../../../docs_src/response_model/tutorial002_py310.py!}
    ```

=== "Python 3.8+"

    ```Python hl_lines="9  11"
    Plain Text
    - Registered: Sun Apr 28 07:19:10 GMT 2024
    - Last Modified: Thu Apr 18 19:53:19 GMT 2024
    - 17.9K bytes
    - Viewed (0)
  6. github.com/tiangolo/fastapi

    docs/en/docs/tutorial/security/simple-oauth2.md 

    ### Check the password

At this point we have the user data from our database, but we haven't checked the password.

Let's put that data in the Pydantic `UserInDB` model first.

You should never save plaintext passwords, so, we'll use the (fake) password hashing system.

If the passwords don't match, we return the same error.

#### Password hashing
    Plain Text
    - Registered: Sun Apr 28 07:19:10 GMT 2024
    - Last Modified: Thu Apr 18 19:53:19 GMT 2024
    - 12.5K bytes
    - Viewed (0)
  7. github.com/tiangolo/fastapi

    docs/en/docs/tutorial/sql-databases.md 

    !!! warning
    This example is not secure, the password is not hashed.

    In a real life application you would need to hash the password and never save them in plaintext.

    For more details, go back to the Security section in the tutorial.

    Here we are focusing only on the tools and mechanics of databases.

!!! tip
    Plain Text
    - Registered: Sun Apr 28 07:19:10 GMT 2024
    - Last Modified: Thu Apr 18 19:53:19 GMT 2024
    - 29.6K bytes
    - Viewed (0)
Back to top