Using hashlib to securely store user passwords and credentials

What is hashing?

Hashing a password means that a user's password is not exposed when a database engineer reads the user database in cleartext. (Only to a degree: the passwords could still be decoded, but hashing makes them illegible to anyone who is not making an extensive effort.) It also prevents hackers from reading passwords in plain text, although hashes can still be compromised by collision attacks.

Additionally, a salt may be added to the password when it is hashed; this prevents the database from being attacked with dictionary attacks.

Why Hash Passwords?

Storing user credentials in plain text is generally bad practice, as it allows anyone who reads the file (or computer) to see the password, username or any other credential without any sort of protection. In some cases it is against the law, as with the PCI SSC Data Security Standards, which cover debit and other card types. The solution to this is obfuscation in the form of hashing. Hashing a password makes a standard password seem completely random.

How hashing works

When a user signs up for a website, or fills in any other form that requires secure credentials (such as a password, username, email address or address), the form asks for these credentials. The web server then hashes the password and stores the hash; it 'throws away' the original password and keeps only the hash. In a more secure environment the user may also be given a salt, which may be unique to the user or unique to the application. (The user will not know the salt; the salt is owned by the server and is kept secret.) When hashing, the password and the salt are combined and the result is hashed.

How to hash a string in Python

This tutorial uses hashlib as its hashing library, which in turn uses the ever bug-free OpenSSL…

First we need to import hashlib and encode the input, then finally we need to check for a match.

Adding Hosts to GoDaddy

GoDaddy is a great domain registrar; I have GoDaddy as my domain registrar.

When using domains and subdomains you may want to have multiple websites on the same server. Here is how to add hosts to your GoDaddy account.

First, browse to GoDaddy and log in. It may be slightly different for you, as I live in the UK.

First click on My Account, then Visit My Account… You should see this page. Expand Domains.

[Screenshot: Godaddy Main]

On the domain you would like to add a host to, click Launch. You should see this page…

[Screenshot: Godaddy Main 2]

Please note some of my sensitive information has been removed…

To add a subdomain, click Host Names (Manage). In there, click Add Hostname. The hostname will be the subdomain name, and the IP address will be the IP address of the web server (or application server). Then click Add.

Please note that it can take up to 48 hours for a DNS host to update through the Internet.

To set the domain record, click DNS Zone File, click Add Record and select A (Host). Enter the host that will be the domain or subdomain, such as www. (By default this is already configured, so click edit rather than add record.) Then click Points to; the IP address will be the IP address of the web server (or application server). Then set the Time To Live (TTL); if you are unsure what to do, leave it as default. Then click Add.

Please note that it can take up to 48 hours for a DNS host to update through the Internet.

You have now configured a new host!

If you want to add another, repeat the process.