Microdot supports using sessions to have some kind of identification. We could use this to provide authentication to reach the control panel, securing it from potential malicious actors.
The biggest challenge to this at the moment (as I see it) is storing the password. MicroPython provides a limited number of hashing functions and none of them are salted.
As such, the best-effort way to store a password would be something like:
```python
import hashlib, binascii

# [...]

password = 'admin'  # We'd grab this from an input, probably on the settings page.
hash = hashlib.sha256(password.encode())
hash_for_storage = binascii.hexlify(hash.digest())
CONFIG['users']['username'] = hash_for_storage
```
Then authentication could be handled as:
```python
import hashlib, binascii
from microdot.session import Session, with_session

# [...]

username = 'admin'  # This would be an input from a sign-in page.
password = 'admin'  # Ditto
hash = hashlib.sha256(password.encode())
hash_for_comparison = binascii.hexlify(hash.digest())
if hash_for_comparison == CONFIG['users'][username]:
    session['username'] = username
    session.save()
```
For this to be relevant, #1 should be handled first.
Further reading/examples:
https://github.com/miguelgrinberg/microdot/blob/main/examples/sessions/login.py
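A salted, iterated alternative to the bare SHA-256 storage sketched in the issue, as an added example (not code from the issue or from Microdot): PBKDF2-HMAC-SHA256 built from `hashlib.sha256` alone, with a per-user random salt and a constant-time comparison. The record format, the function names, the iteration count and the availability of `os.urandom` on the target port are assumptions.

```python
import binascii
import hashlib
import os

ITERATIONS = 1000  # assumption: tune to what the board can afford per login

def hmac_sha256(key, msg):
    # HMAC (RFC 2104) over SHA-256, using only hashlib.sha256.
    if len(key) > 64:
        key = hashlib.sha256(key).digest()
    key = key + b'\x00' * (64 - len(key))
    inner = hashlib.sha256(bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.sha256(bytes(b ^ 0x5C for b in key) + inner).digest()

def pbkdf2_sha256(password, salt, iterations):
    # PBKDF2 (RFC 8018), first 32-byte output block only.
    u = hmac_sha256(password, salt + b'\x00\x00\x00\x01')
    out = u
    for _ in range(iterations - 1):
        u = hmac_sha256(password, u)
        out = bytes(a ^ b for a, b in zip(out, u))
    return out

def make_record(password, iterations=ITERATIONS):
    # Record layout (constructed for this example): iterations$salt_hex$hash_hex
    salt = os.urandom(16)  # fresh salt per user, so equal passwords differ
    dk = pbkdf2_sha256(password.encode(), salt, iterations)
    return '$'.join((str(iterations), binascii.hexlify(salt).decode(),
                     binascii.hexlify(dk).decode()))

def ct_equal(a, b):
    # Compare without stopping at the first differing byte.
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0

# Placeholder record so unknown usernames cost the same work as known ones.
DUMMY = '$'.join((str(ITERATIONS), '00' * 16, '00' * 32))

def check_password(users, username, password):
    # users maps username -> record string, e.g. CONFIG['users'].
    record = users.get(username, DUMMY)
    iterations, salt_hex, dk_hex = record.split('$')
    dk = pbkdf2_sha256(password.encode(), binascii.unhexlify(salt_hex), int(iterations))
    return ct_equal(dk, binascii.unhexlify(dk_hex)) and username in users
```

The record is a plain string, so it can be stored as `CONFIG['users'][username]` and survives JSON serialization; `check_password` returning `True` is the point at which the session username would be set.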