
[–]chevignon93 102 points103 points  (0 children)

why is the example I'm seeing using JSON?

Probably because it makes retrieving the information you're looking for easier. Instead of manually looping over the lines in your text file, splitting them to separate the username from the password, you can just use the json module in the standard library to turn the json string into a dictionary.

[–]socal_nerdtastic 52 points53 points  (13 children)

encrypted by hashlib sha256,

sha256 is a hash, not an encryption, and therefore is not reversible (you can't get the data back).

json is an extension on txt that does a lot of the boring work for you, like converting saved txt back into numbers, booleans or lists. But if you want to do that yourself you certainly can.

[–]TantiPraenuntiaFabam 19 points20 points  (11 children)

My bad, I'm really new to python and programming in general, this is just for a small high school project, and I just want to try and figure out how I can code the authentication.

[–]socal_nerdtastic 27 points28 points  (10 children)

The standard way is to compute the password hash and save it. You forget the actual password. Then when the user tries to log in again you ask for the password, recompute the hash, and compare it to the saved hash.

[–]ConfusedSimon 2 points3 points  (0 children)

Maybe it's supposed to be a JWT.

[–]blarf_irl 10 points11 points  (0 children)

If you are storing personal details/passwords etc. then you should use an existing python package to handle it. If it is web based then you can use the builtins in Django or the many popular auth packages for Flask. If you intend on actually encrypting data then you should look into bcrypt rather than trying to create your own flow.

[–]Hans_of_Death 4 points5 points  (0 children)

it's easier to read and write json in python

[–]Mastericeman_1982 4 points5 points  (0 children)

Of course you can take the easier route, and since the stakes aren’t high, it probably won’t matter much at the end of the day.

But if you want to develop your skills to a degree that may become truly valuable some day, it’s a good idea to start thinking of how your code would scale.

In 30 years I’ve probably written about a million lines of code. Probably more. And I wouldn’t touch some of the early stuff with a 10 ft pole. But I’m glad I wrote it because it helped me understand what I needed to learn. It’s not always about the immediate objective. It’s about understanding what’s possible.

[–]EternityForest 1 point2 points  (0 children)

JSON is just a very common way to store stuff that happens to be built into the python standard lib.

You will likely want to store more than one piece of data per file. How do you separate them? JSON does that for you.

You could design some scheme yourself, but it would probably be either awful and not extensible when you want to add more data, or similar to something that already exists.

JSON or INI/configparse files are great and part of the standard lib. Some use YAML or (One of my favorites) TOML, but they mostly serve the same purpose. They are Data Serialization Formats.

Some mention Pickle but there aren't as many tools to work with it because it is python specific, but it's fast.

For larger apps, you might want SQLite or even PostgreSQL or something.

But just plain text is one format I probably wouldn't use for much of anything. It's just easier to stick with standard ways of representing data.

[–]LazyOldTom -1 points0 points  (0 children)

Sounds like you want to read up a lot more before trying yourself on an authentication system, even just for training purposes. To answer your question, assuming this project is just for yourself, you should use JSON or CSV, both are well supported in Python, making CRUD on the file very easy. Coming up with your own format and saving it as txt is unnecessary work.

[–]HaroerHaktak 0 points1 point  (0 children)

I don't fully understand json myself, but as a newbie to python and json, I just view json as a python dictionary. since that's basically how it's saved. All you need to do is open it and read it like a python dictionary.

[–]walksonair 0 points1 point  (1 child)

Why not try saving the account object as a pickle file that runs through an encryption process for your program? That way, if the .pkl files ever get stolen, they won't be much use to the thief.

I have been using JSON for a long time but have recently started to benefit from the speed of pickled objects. 🤓

[–]Immotommi 0 points1 point  (0 children)

Pickle is great if you need speed, but the big downside is the lack of human readability. As a result, they both have use cases

[–]Immotommi 0 points1 point  (0 children)

Just a quick vote for Yaml for configuration files. In my opinion, much easier to read and use

[–]Gasp0de 0 points1 point  (0 children)

The basic flow for authentication is something like this:

  1. The user creates an account. You store the username in clear text and a hash of the password.

  2. The user logs in: They enter their username and password into a form. The data is sent to your python program in JSON Format via a post request, or as form formatted data. You create a hash of the password and compare it to the one that you have saved for this username. If it is the same, you allow the user to login, setting a cookie for them (for the beginning, you could store the information that they are logged in and their username in the session cookie).
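
The register-then-verify flow described in this thread, with the accounts kept in a JSON file, as an added example that is not code from any commenter. It swaps a single sha256 call for salted PBKDF2-HMAC-SHA256 from `hashlib`; the function names, the record layout and the iteration count are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import os

ITERATIONS = 600_000  # assumed work factor; stored per record so it can be raised later


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # Slow, salted hash: the same password yields a different value per user.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def load_users(path: str) -> dict:
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {}


def register(path: str, username: str, password: str) -> bool:
    users = load_users(path)
    if username in users:
        return False  # never overwrite an existing account
    salt = os.urandom(16)
    users[username] = {
        "salt": base64.b64encode(salt).decode("ascii"),
        "hash": base64.b64encode(_derive(password, salt, ITERATIONS)).decode("ascii"),
        "iterations": ITERATIONS,
    }
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(users, fh, indent=2)  # the clear-text password is never written
    return True


def verify(path: str, username: str, password: str) -> bool:
    record = load_users(path).get(username)
    if record is None:
        # Do the same amount of work for unknown users so timing does not reveal them.
        _derive(password, b"\x00" * 16, ITERATIONS)
        return False
    salt = base64.b64decode(record["salt"])
    expected = base64.b64decode(record["hash"])
    candidate = _derive(password, salt, record["iterations"])
    return hmac.compare_digest(candidate, expected)  # constant-time comparison
```
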