Password encryption with Flask and Python
Why encrypt?
It's normal when you start making software to not worry about many things: performance, security, or even the products you make. However, if you have a product that people are starting to use, you owe it to them to make their data safe.
Encryption is used to change data so that it cannot be read unless the reader has privileged information. It is mainly used with passwords so that if your application is compromised by a hacker, they cannot access the passwords that your users have given you.
It can also be used with other PII (Personally-Identifiable Information), such as passport numbers, credit card details, and more.
What is encryption?
Four words that frequently get confused with one another are encryption, encoding, hashing, and obfuscation. Though similar, they have different purposes and behave differently.
When we encrypt something, we can decrypt it later. For this, we use a key, which is another piece of data that should be kept safe.
When we encode something, we can easily decode it back by using the same or a similar algorithm to the one that did the encoding. Encoding is used to change data from one format to another (for example, encoding text as ASCII values).
When we hash something, we cannot "unhash" it. You can hash some data to come up with a long string of characters. If you change the data and hash it again, the string changes. Thus it can be used to easily compare data, by just comparing the hashes.
When we obfuscate something, it means making it difficult to understand. For example, some techniques for obfuscation may be minification or changing source code so it looks like it does something different from what it actually does; thus making it more difficult to understand. There are limits to obfuscation, as the content must still be readable by whomever is meant to consume it—for example, obfuscated data must still be valid, and obfuscated computer code must still be runnable by the machine.
Hashing with Werkzeug
If you have a Flask and Python application and you want to start hashing PII quickly (so you can't unhash it later), you can do so by using a Flask dependency that comes with a set of encryption functions: werkzeug
.
Want to encrypt with Python, but not using Flask? Check out our other blog post.
from werkzeug.security import generate_password_hash, check_password_hash
...
@app.route('/register', methods=['POST'])
def register_user():
username = request.form['username']
password = request.form['password']
try:
User(username, generate_password_hash(password)).save_to_db()
except:
return jsonify({'error': 'An error occurred saving the user to the database'}), 500
return jsonify({'message': 'User registered successfully'}), 201
That piece of code will get the username
and password
from the request's form data, and create a new User
object (presumably defined elsewhere), and save it to the database.
The code assumes the User
object takes in its __init__
method a username and password, and that it has a method to save itself to a database.
For a more complete example, check this link: https://gist.github.com/jslvtr/139cf76db7132b53f2b20c5b6a9fa7ad
P.S. If you are interested in learning much more about Flask and Python, sign up to our mailing list below!