我们如何找回用户的密码?
u = User.objects.get(username__exact=username)
print u.password
显示sha1$f0971$441cac8f604d49869e33ca125a76253a02fef64e
有没有从这个编码字符串中找到密码的函数?
问问题
26050 次
6 回答
47
不,这是不可能的,设计使然。但无论如何都不应该这样做。
于 2012-05-16T15:57:18.957 回答
16
Due to security restrictions the password hash method is one way. You will need to reset that users password.
Try using the set_password(raw_password) method to give the user a new password. Remember to call the save() method to ensure you save the change to the database.
u = User.objects.get(username__exact=username)
u.set_password(raw_password)
u.save()
于 2012-05-16T15:58:06.320 回答
7
您可以通过以下方式检查密码是否正确:
u.check_password("your password")
这种方法u.set_password("you password")可以解决你所有的问题。
sha1$f0971$441cac8f604d49869e33ca125a76253a02fef64e是:
哈希函数算法$盐$哈希码
于 2019-09-17T16:00:34.600 回答
6
no. and there shouldn't be. as part of the security, passwords are passed through a one-way function before they are saved, so that they aren't reveled if the database is compromised
what you can do is replace the user's password with one you know. this is how (good) site's "forgot your password" functions work: they send you a new random password, not your old one, since they (shouldn't) have access to it
于 2012-05-16T15:57:50.917 回答
4
不,该字段包含密码的加盐哈希。从字符串我们知道它是 SHA1 函数。如果您有密码,您将能够生成与足迹相同的哈希值。出于安全原因,现在应该有办法以经济的方式恢复密码(您仍然可以暴力破解,但需要很长时间)。,
于 2012-05-16T16:01:24.637 回答
0
您无法获取现有密码,因为该密码已转换为盐哈希。
于 2021-09-18T14:55:20.903 回答