Home/ Questions/Q 965153
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T01:56:55+00:00

I am working on a huge project. I have been working on it for

  • 0

I am working on a huge project. I have been working on it for a while now, and decided to “up” the security on the way the software handles data. I already know how to encrypt and decrypt the data strings using DES encryption, but what I am not sure about is where to put that encrypted data. I would like to store everything in a MySQL database, but haven’t quite figured out how to work with the database. I have done some Googling, but to no prevail.

I need to store the following for each account:

Username
Password
Sec. Question
Sec. Answer
Email
List of keywords
List of web URLs

I think storing this information would be like creating tables in the database, but I’m not sure. Maybe a table for the user, then more tables for the rest inside the table for the user? I am not sure how to work with MySQL databases from Python, so any help will be greatly appreciated.

Sorry for the late edit, I just realized I needed to clean it up a little.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here’s an example of what the schema could look like:

    user
    user_id (PK)
    username (char)
    password (char)
    security_question_id (FK)
    security_answer (char)
    email_address (char)

security_question
    security_question_id (PK)
    question (char)

keyword
    keyword_id (PK)
    keyword (char)

user_keyword
    user_keyword_id (PK)
    user_id (FK)
    keyword_id (FK)

url
    url_id (PK)
    user_id (FK)
    url (char)

PK = Primary Key
FK = Foreign Key
char = varchar of some max length that you define

    Assumptions:

    • There is a standard list of security questions to choose from.
    • A lot of users may have the same keyword, so they’re put in their own table.
    • URLs are more unique, so just store the url and user_id together. If you want, you could change this to the shared pattern the keywords use.
    • Nothing is nullable, all fields are required.

    As I commented, I recommend hasing passwords (with a salt). No need to be recoverable, they can reset the password. I’ve mimicked Django’s password style in the past:

    sha1$8ac10f$a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    That’s: hash method, salt and password hash, delimited by $ characters. You can just generate a random string as salt. Add it to the password before hashing. Store a string like that one shown in the password field. To test a password for correctness, extract those 3 fields, append the salt to the user-entered password, apply the hash and compare to the hash (3rd field) in the database. If they match, the password is correct.

    I would personally use SQLAlchemy.

    • 0