Using Hashlib to Securely store user passwords and credentials.

What is hashing?

Hashing passwords means that users' passwords are not exposed when a database engineer reads the user database, because they are no longer stored in cleartext (to a degree: the passwords could still be decoded, but hashing makes them illegible to anyone who is not doing anything extensive). It also prevents hackers from reading passwords in plain text, although hashes can be compromised by collision attacks.

Additionally, a salt may be added to the password when it is hashed; this protects the database against dictionary attacks.

Why Hash Passwords?

Storing user credentials in plain text is generally bad practice, as it allows anyone who reads the file (or computer) to see the password, username or any other credential without any sort of protection. In some cases it is against the law, such as under the PCI SSC Data Security Standards, which handle debit and other card types. The solution to this is obfuscation in the form of hashing. Hashing a password makes a standard password seem completely random.

How hashing works

When a user signs up for a website, or fills in any other form that requires secure credentials such as a password, username, email address or address, the form asks for these credentials. The web server then hashes the password and stores the hash; the server 'throws away' the original password and keeps only the hash. In a more secure environment the user may also be given a salt, which may be unique to the user or unique to the application (the user will not know the salt; it is owned by the server and kept secret). When hashing, the password and salt are combined and hashed together.

How to hash a string in Python

This tutorial uses hashlib as its hashing encoder, which uses the ever bug-free OpenSSL…

First we need to import hashlib and encode the input, then finally we need to check for a match.
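
The steps above (import hashlib, encode the input, check for a match), combined with the sign-up flow and salt described earlier, as an added example that is not the original post's code. It goes beyond a single salted hash by iterating it with hashlib.pbkdf2_hmac; the iteration count, the in-memory `users` dict and the function names are assumptions made for this illustration:

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
users = {}            # constructed stand-in for the user database


def hash_password(password, salt):
    """Encode the input, combine it with the salt and hash (iterated)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def sign_up(username, password):
    """Store only the salt and the hash; the cleartext is thrown away."""
    salt = os.urandom(16)  # random salt, unique to this user
    users[username] = {"salt": salt, "hash": hash_password(password, salt)}


def check_login(username, password):
    """Hash the attempt with the stored salt and check for a match."""
    record = users.get(username)
    if record is None:
        return False
    attempt = hash_password(password, record["salt"])
    # compare_digest takes the same time wherever the first mismatch is
    return hmac.compare_digest(attempt, record["hash"])


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    sign_up("alice", "correct horse battery staple")
    sign_up("bob", "correct horse battery staple")
    print(check_login("alice", "correct horse battery staple"))
    print(check_login("alice", "wrong guess"))
    # Different salts give different stored hashes for the same password.
    print(users["alice"]["hash"] != users["bob"]["hash"])
```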

Adding Virtual Domains to Apache

Virtual Hosts are great for servers: they allow you to have multiple domains, subdomains and users all on the same web host (server), and they are easy to configure.

First, please make sure your server is configured to use Virtual Hosts (see here). Please note this is fundamental.

Now that you have your domain on a Virtual Host you can add others, but you need to add your host to your DNS zone file at your domain registrar (see here).

Now you are ready. Browse to your Apache installation folder and go to httpd-vhosts.conf

    apache\conf\extra\httpd-vhosts.conf

and add the extra hosts you set up in your domain registrar's DNS host names, like so

(be sure to replace ‘dds’ with your subdomain)

Make sure this is at the end of your file, after the root of your domain, and make sure you have configured the subdomain folder and the DNS host names.

Be aware that it can take up to 48 hours for host records to update through the internet!

How to Configure Apache to use Virtual Hosts

Using Apache is good, but using it for one website limits its potential. You can create multiple websites, domains and subdomains with Apache; see below.

First you need to stop your server. On Linux you can do this by entering

    $ sudo /etc/init.d/apache2 stop

into your terminal. This allows you to make changes to files on your server without breaking it. On Windows you need to stop Apache using XAMPP, see below.

Now enable mod_log_config. Browse here

    xampp\apache\conf

and in httpd.conf remove the # from this line

    #LoadModule log_config_module modules/mod_log_config.so

to look like this

    LoadModule log_config_module modules/mod_log_config.so

Next, using an FTP program or another method, go to your website’s root directory, such as

    /home/*/public_html/cgi-bin/

Or for Windows

    C:\xampp\htdocs

This is the base of your web server, and probably where your index.html is located. Create two folders, Domains and Subdomains; this is where your domains will be stored. See below.

[Image: Domains, Subdomains]

In Domains, place the domain of your website, replacing dots with hyphens, like so

[Image: Domains, if]

(Also add any other websites that you plan to host on the server)

Then copy the data that was in the root of your server into the domain folder on the server, like this

then paste it into your domain folder, like this

[Image: Paste]

So your server should now have the ‘root’ of the server in

    WEBROOT\Domains\infinityflame-co-uk\index.html

or the corresponding folders on Linux.

Now you need to redirect traffic from your website to the correct folder. This is done with Virtual Hosts, and is also how you add subdomains; see below.

Browse to your Apache installation folder and go to httpd-vhosts.conf

    apache\conf\extra\httpd-vhosts.conf

and at the bottom add the following code, replacing my domain with yours.

Now test the website: start Apache and browse to your domain. You should see your site as you did before. You have now configured your website to use Virtual Hosts.

Now you need to add other domains and subdomains (see here).