1、django 自带的加密方法:make_password() 和 check_password
- 前置准备:
①:setting 中先注册 PASSWORD_HASHERS:
PASSWORD_HASHERS = (
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
'django.contrib.auth.hashers.BCryptPasswordHasher',
'django.contrib.auth.hashers.SHA1PasswordHasher',
'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.CryptPasswordHasher',
)
②:使用前先导入并声明允许debug:
from django.conf import settings
settings.configure(DEBUG=True)
- 使用:
①:make_password(password, salt=None, hasher='default')
password:需要加密的密码
salt:自我认为相当于 key,默认为None,为None时每次生成的密文不同,指定时每次生成的密文相同
hasher:加密方式,默认为:pbkdf2_sha256
- 代码以及结果:
①:不指定salt:
pwd = '123456'
mpwd1 = make_password(pwd)
print('密文1: ', mpwd1)
mpwd2 = make_password(pwd)
print('密文2: ', mpwd2)
mpwd3 = make_password(pwd)
print('密文3: ', mpwd3)
pwd_bool = check_password(pwd, mpwd1)
print('匹配结果1: ', pwd_bool)
pwd_bool = check_password(pwd, mpwd2)
print('匹配结果2: ', pwd_bool)
pwd_bool = check_password(pwd, mpwd3)
print('匹配结果3: ', pwd_bool)
结果:
密文1: pbkdf2_sha256$260000$qz2nspxfQp9zwXvsN8JDK3$+Dy9F6ODL1mCs/e1JxDNjB6JgSNMsr1df0U4QBbOY5U=
密文2: pbkdf2_sha256$260000$6u7vxLcMoRy365YX8nxAFJ$Aui3l/L6ACCh6AM+oBBqgFk5rhiACwNRWlZPrGGlyYg=
密文3: pbkdf2_sha256$260000$D1bo7hixUMTasAWi2jrybM$0XZ3dtnh2UShjsPe0IE5xhmi2oCjpLkScOZTkj/q1eo=
匹配结果1: True
匹配结果2: True
匹配结果3: True
②:指定salt:
pwd = '123456'
mpwd1 = make_password(pwd, 'abc')
print('密文1: ', mpwd1)
mpwd2 = make_password(pwd, 'abc')
print('密文2: ', mpwd2)
mpwd3 = make_password(pwd, 'abc')
print('密文3: ', mpwd3)
pwd_bool = check_password(pwd, mpwd1)
print('匹配结果1: ', pwd_bool)
pwd_bool = check_password(pwd, mpwd2)
print('匹配结果2: ', pwd_bool)
pwd_bool = check_password(pwd, mpwd3)
print('匹配结果3: ', pwd_bool)
结果:
密文1: pbkdf2_sha256$260000$abc$Bg9wcsmkNCHw/PEI1gVJkY0enw+nRUoHPAFxZoPJrW0=
密文2: pbkdf2_sha256$260000$abc$Bg9wcsmkNCHw/PEI1gVJkY0enw+nRUoHPAFxZoPJrW0=
密文3: pbkdf2_sha256$260000$abc$Bg9wcsmkNCHw/PEI1gVJkY0enw+nRUoHPAFxZoPJrW0=
匹配结果1: True
匹配结果2: True
匹配结果3: True
本文详细介绍了Django中用于密码加密的make_password函数和验证密码的check_password函数。通过设置不同的加密算法和盐值,展示了它们在实际应用中的用法。在不指定盐值的情况下,每次加密结果不同,但都能通过check_password正确验证;而指定盐值后,加密结果相同,依然能成功匹配。这为Django应用程序的安全性提供了保障。
951

被折叠的 条评论
为什么被折叠?



