Flask
Emil Revencu, 2015-12-07 23:15:28

Is it possible to do Flask authentication this way?

On a certain page, the client enters a name and password.
When you click to send the data for verification, the client first receives a random key via AJAX (a string that Flask stuffs into session['token']), and this key is hashed in JS with sha256: username+password+randomkey.
The resulting hash is submitted by the form, and Flask scans the user table for a matching combination, comparing

hashlib.sha256((user + password + session['token']).encode()).hexdigest()

with the received code (hash).
If any record matches, it means the client is correct. We set
session['login'] = True
and on all pages (routes) we check:
if session.get('login') != True: return redirect(url_for('login'))

Will such authorization be secure?


1 answer(s)
Emil Revencu, 2015-12-07
@Revencu

I'm more confused by the code
Is it reliable?
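
Added example, not part of the original thread: the check from the question written out with the standard library only (a plain dict stands in for Flask's `session`), next to a conventional alternative. The user rows, the `ITERATIONS` value and the helper names are assumptions made for this sketch; the alternative assumes the form posts username and password over HTTPS.

```python
import hashlib
import hmac
import secrets

def client_response(username, password, token):
    """Browser side of the question's scheme: sha256(username + password + randomkey)."""
    return hashlib.sha256((username + password + token).encode()).hexdigest()

def verify_as_described(users, session, received):
    """Server side as described: scan every record for a matching hash.
    `users` must map username -> plaintext password to recompute the hash."""
    token = session.get("token", "")
    for username, password in users.items():
        expected = client_response(username, password, token)
        if hmac.compare_digest(expected, received):
            session["login"] = True
            return username
    return None

# Alternative (assumption, not from the thread): the form posts username and
# password over HTTPS and the table stores only a salted, slow hash.
ITERATIONS = 600_000  # work factor chosen for this example

def make_record(password):
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(records, session, username, password):
    """Look up one record by username; no table scan, no stored plaintext."""
    record = records.get(username)
    if record is None:
        return False
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    ok = hmac.compare_digest(candidate, digest)
    if ok:
        session["login"] = True
    return ok

if __name__ == "__main__":
    # Constructed sample data: both rows concatenate to "annapass".
    users = {"ann": "apass", "anna": "pass"}
    session = {"token": secrets.token_hex(16)}
    sent = client_response("anna", "pass", session["token"])
    print("question's scheme logs in:", verify_as_described(users, session, sent))
    records = {name: make_record(pw) for name, pw in users.items()}
    print("anna/pass:", verify_password(records, {}, "anna", "pass"))
    print("ann/pass: ", verify_password(records, {}, "ann", "pass"))
```

Because the original hash joins the fields without a separator and the server only sees the hash, the constructed rows ann/apass and anna/pass are indistinguishable to the table scan; the per-username lookup keeps them apart.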
