For example: username:zjm1126 password:11 I store the password to the datastore on gae. When

Question

0

Asked: May 15, 20262026-05-15T09:22:00+00:00 2026-05-15T09:22:00+00:00

For example: username:zjm1126 password:11 I store the password to the datastore on gae. When

0

For example:

username:zjm1126
password:11

I store the password to the datastore on gae. When I see the data view at /_ah/admin, I can see the password of all people that have registered.

Is it safe to do so? If not, how to store it properly?

And the check_password method is:

user=MyUser.get_by_key_name(self.request.get('username'))
if user.password == self.request.get('password'):
    session['user.key']=str(user.key())
else:
    raise Exception('error 404')

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-15T09:22:00+00:00

Editorial Team

2026-05-15T09:22:00+00:00Added an answer on May 15, 2026 at 9:22 am

You should never store a password in plain text.

Use a ir-reversable data hashing algorithm, like sha or md5

Here is how you can create a hash in python:

from hashlib import sha256
from random import random
random_key = random()
sha256('%s%s%s'%('YOUR SECRET KEY',random_key,password))

You should also store the random key and hash the user supplied password similarly.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

For example: username:zjm1126 password:11 I store the password to the datastore on gae. When

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply