views:

54

answers:

2

I'm trying to create a model where I can store usernames and passwords for other applications. How can I set a password field in Django so that it is not in plain text in admin? Thanks in advance.

A: 

Your best bet (I'm aware of) is to dig into the code in the django code, and see how it's done there. As I recall, they generate a salted hash so that the plain text values are never stored anywhere, but rather the hash and salt are.

If you go into the django installation, and poke around for words like hash and salt, you should find it pretty quickly. Sorry for the vague answer, but perhaps it will set you on the right path.

mlissner
+3  A: 

As @mlissner suggested the auth.User model is a good place to look. If you check the source code you'll see that the password field is a CharField.

password = models.CharField(_('password'), max_length=128, help_text=_("Use 
'[algo]$[salt]$[hexdigest]' or use the <a href=\"password/\">change password form</a>."))

The User model also has a set_password method.

def set_password(self, raw_password):
    import random
    algo = 'sha1'
    salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5]
    hsh = get_hexdigest(algo, salt, raw_password)
    self.password = '%s$%s$%s' % (algo, salt, hsh)

You can take some clues from this method about creating the password and saving it.

Manoj Govindan