Ask coding questions

← Back to all posts
6
How would I make a secure login in python?
AzureScripts (130)

If i decide to make a program with a working login feature, which would be public.

Is there a way to make it so that i can have a database setup on a website with all the login info?

But have it secure enough so you can't just open the .py and get all the usernames and passwords

Commentshotnewtop
1
PAULX (16)

with the repl.it module can you login and save datas with your repl.it account.

1
JustARatherRidi (185)

I'd say one of the easiest ways to set up a database is using jsonstore.io. You don't even have to log in, all you need to do is grab your endpoint and start working with it.

If you're working with python, you can use leon's client for jsonstore, which will make it even easier.

As for making it secure, you'd use a .env file to store your endpoint like @AllAwesome497 mentioned, to make it so that people can't just come along and see what's in your database. Only you can see what's in your .env file.

If you want to see or modify your database, you can use reqbin to manually send http requests to your endpoint.


As long as you don't disclose your endpoint to anyone, this method should ensure that nobody can see anyone else's information, and you can change any information at any time.


If you're stuck anywhere, I'll be happy to help!

1
AllAwesome497 (80)

https://Mlab.com offers a free 500mb on your first cluster. just put the link (with the actual password and username, ofc) in a file named .env.

MLAB_LINK=<link>

to connect, do the same thing it says to do in the guide for py, but instead, add link = os.environ.get("MLAB_LINK") (import os at the beginning of the file, ofc) and do what it says to do and use the link from env to connect. If u have any questions, or you need additional help, feel free to reply. if this answers your question, please mark as correct and upvote.

1
AzureScripts (130)

@AllAwesome497 Would this be completely secure so that nobody can get the passwords of other users?

And if i change these in real time, would i be able to blacklist users?

1
AzureScripts (130)

Also is there an easier method which i can use for free for permanent?

1
AllAwesome497 (80)

@AzureScripts you can use jsonstore.io but it's not very secure. Mlab, or at least the sandbox from the mongodb.com is free forever. you could also use google sheets, but it's not as fast. if u do that @Nithilian4 might be able to help.

2
JustARatherRidi (185)

@AllAwesome497 Just asking, what makes jsonstore not very secure?

1
AllAwesome497 (80)

@JustARatherRidi just the fact that u cant password protect it, no permission system. meaning that anyone with the link can edit and read it.

1
AzureScripts (130)

@AllAwesome497 I am still new to this stuff

1
JustARatherRidi (185)

@AllAwesome497 Right, but if you don't share your endpoint with anyone, just like you don't share your password with anyone, it should be just as secure right?

1
AzureScripts (130)

@JustARatherRidi I guess.

Right now, i am having issues with finding the hash on my website.
I input the username and password
it makes a hash

and when i try and do a request to the site to see if it's there, it doesn't work

1
JustARatherRidi (185)

@AzureScripts Could you share a link to your repl? Also, if this is a different problem than the one in the question, you might want to ask a new question so that more people can see it.

1
AzureScripts (130)

@JustARatherRidi

https://repl.it/@AzureScripts/Secure-Login

I have also provided you with credentials you can use to test!

1
JustARatherRidi (185)

@AzureScripts It seems like the_hash has the same value you expected, but the response you're getting from doing this

r = requests.get('https://xsecurity.000webhostapp.com/app/database.txt')

seems to be nothing (I printed it out for you to see).

What is this website you're sending a request to? What do you expect to be in the response?

1
AllAwesome497 (80)

@AzureScripts Yes. only you would be able to view passwords from others.

1
AzureScripts (130)

I am trying to grab the text on the site

i can do this by doing "for line in r: print(line)"
but it still doesn't work.

I am trying to get all the text on the site, to see if the hash is there.
And if the hash is there, it goes to another function called program() where the main stuff will be