Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR CONSULTANTS www.XFactorConsultants.com
User Authentication (Auth) The methods by which a web app verifies the identity of a user and limits their abilities
User Authentication
Uses for Authentication:
- Log who visits your site
- Regulate the actions of users
- Can defend against malicious actors, DDoS attacks, and more
User Auth Methods:
- Custom User Auth
- 3rd-party authenticators like Google logins or Facebook logins
Setting Up User Authentication
Implementing Login and Signup
Hashing and Storing Passwords
Hashing and Salting Logins
Without Hashing and Salting:
- User enters their login info
- Login info is stored as plain text in the database
- A breach of the database reveals the user’s password
With Hashing and Salting:
- User login is stored as a salted one-way hash, not as plain text
- A database breach will not reveal a user’s password
Hashing and Salting Logins
Password formatting:
- algorithm$iterations$salt$hash
Algorithm:
- Used to record which hashing algorithm is used
Iterations:
- How many times the hashing algorithm is used
Password Upgrading:
- Automatically re-generates password hashing when Django is updated
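The stored format and the upgrade step above, as an added example that is not from the original slides or from Django's source: a standard-library sketch that builds, parses and verifies an `algorithm$iterations$salt$hash` value with PBKDF2-HMAC-SHA256 and re-hashes an outdated entry at login, the only point where the plain-text password is available. The function names, the `TARGET_ITERATIONS` value and the sample salt are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import secrets

TARGET_ITERATIONS = 600_000  # assumed work factor for this example, not read from Django


def encode(password: str, salt: str, iterations: int) -> str:
    """Build an algorithm$iterations$salt$hash string (PBKDF2-HMAC-SHA256)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    b64 = base64.b64encode(digest).decode("ascii")
    return f"pbkdf2_sha256${iterations}${salt}${b64}"


def parse(stored: str) -> dict:
    """Split a stored value into its four fields, rejecting malformed input."""
    parts = stored.split("$")
    if len(parts) != 4:
        raise ValueError("expected algorithm$iterations$salt$hash")
    algorithm, iterations, salt, digest = parts
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported algorithm: {algorithm}")
    return {"algorithm": algorithm, "iterations": int(iterations), "salt": salt, "hash": digest}


def verify(password: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt and iterations; compare in constant time."""
    fields = parse(stored)
    candidate = encode(password, fields["salt"], fields["iterations"])
    return hmac.compare_digest(candidate.encode(), stored.encode())


def needs_upgrade(stored: str) -> bool:
    """True when the stored hash used fewer iterations than the current target."""
    return parse(stored)["iterations"] < TARGET_ITERATIONS


def login(password: str, stored: str):
    """Return (ok, stored_value); a successful login re-hashes an outdated entry."""
    if not verify(password, stored):
        return False, stored
    if needs_upgrade(stored):
        stored = encode(password, secrets.token_hex(16), TARGET_ITERATIONS)
    return True, stored
```

Because the salt and iteration count travel with each hash, old and new entries can sit in the same column and still verify while users are migrated one login at a time.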