【发布时间】:2021-01-21 07:12:27
【问题描述】:
我最近正在使用 Pyqt5 开发一个程序,并为自己构建一个小软件。
该软件需要用户名和密码才能登录,我想设置一次用户名和密码,以安全的方式保存,并防止有人拥有我的代码\访问我的电脑能够登录到我的软件。
到目前为止,我所做的是使用 keyring 模块设置密码,并使用 passlib 对其进行哈希处理 - 在对其进行哈希处理后最终保存我的密码。 当用户尝试登录时 - 代码获取输入的密码并将其与密钥环文件中的哈希密码进行比较。
所以问题是:
- 这样保存用户密码有没有好办法?安全吗?
- 如何防止有权访问我的代码或计算机的人打开代码并查看密码?
这里是密码哈希脚本:
from passlib.context import CryptContext
import keyring
# create CryptContext Object
context = CryptContext(
schemes=["pbkdf2_sha256"],
default="pbkdf2_sha256",
pbkdf2_sha256__default_rounds=50000
)
def password_encrypter (password):
# hash password
hashed_password = context.hash(password)
return hashed_password
def password_hiding (password):
# Gets password from user and encrypt it
hashed_password = password_encrypter(password)
# Hides The Password
keyring.set_password("service_name", "user_name", hashed_password)
check_if_hashed = context.verify(password, hashed_password)
password1 = keyring.get_password("service_name", "user_name")
# Just for testing
print ("password from user" , password)
print ("hashed password : " ,hashed_password)
print("password from keyring: " , password1)
return password1
def password_validatation (password):
hidden_password = password_hiding(password)
check_if_hashed = context.verify(password, hidden_password)
print(check_if_hashed)
return check_if_hashed
# Test
password_validatation("my_password")
我还要添加登录脚本:
from PyQt5 import QtWidgets
# from mainwindow import Ui_MainWindow
from qtwidgets import PasswordEdit
from .password_generator import password_validatation
class Login(QtWidgets.QDialog):
def __init__(self, parent=None):
super(Login, self).__init__(parent)
self.textName = QtWidgets.QLineEdit(self)
self.textPass = PasswordEdit()
self.buttonLogin = QtWidgets.QPushButton('Login', self)
self.buttonLogin.clicked.connect(self.handleLogin)
layout = QtWidgets.QVBoxLayout(self)
layout.addWidget(self.textName)
layout.addWidget(self.textPass)
layout.addWidget(self.buttonLogin)
def handleLogin(self):
password = password_validatation(self.textPass.text())
if (self.textName.text() == 'user_name' and
self.textPass.text() == True):
self.accept()
else:
QtWidgets.QMessageBox.warning(
self, 'Error', 'Bad user or password!')
class Window(QtWidgets.QMainWindow):
def __init__(self, parent=None):
super(Window, self).__init__(parent)
# self.ui = Ui_MainWindow()
# self.ui.setupUi(self)
def main():
import sys
app = QtWidgets.QApplication(sys.argv)
login = Login()
if login.exec_() == QtWidgets.QDialog.Accepted:
window = Window()
window.show()
sys.exit(app.exec_())
if __name__ == '__main__':
main()
【问题讨论】:
标签: python python-3.x encryption passwords