我最近正在使用Pyqt5开发一个程序,并将自己打造成一个小软件
该软件需要用户名和密码才能登录,我希望设置用户名和密码一次,以安全的方式保存,并防止具有我的代码\访问权限的人登录到我的软件
到目前为止,我所做的是使用keyring模块设置密码,并使用passlib对其进行哈希运算,最终在对密码进行哈希运算后保存密码。 当用户尝试登录时,该代码获取输入的密码,并将其与keyring文件中的散列密码进行比较
因此,这些问题的答案是:
以下是密码哈希脚本:
from passlib.context import CryptContext
import keyring
# create CryptContext Object
context = CryptContext(
schemes=["pbkdf2_sha256"],
default="pbkdf2_sha256",
pbkdf2_sha256__default_rounds=50000
)
def password_encrypter (password):
# hash password
hashed_password = context.hash(password)
return hashed_password
def password_hiding (password):
# Gets password from user and encrypt it
hashed_password = password_encrypter(password)
# Hides The Password
keyring.set_password("service_name", "user_name", hashed_password)
check_if_hashed = context.verify(password, hashed_password)
password1 = keyring.get_password("service_name", "user_name")
# Just for testing
print ("password from user" , password)
print ("hashed password : " ,hashed_password)
print("password from keyring: " , password1)
return password1
def password_validatation (password):
hidden_password = password_hiding(password)
check_if_hashed = context.verify(password, hidden_password)
print(check_if_hashed)
return check_if_hashed
# Test
password_validatation("my_password")
我还添加了登录脚本:
from PyQt5 import QtWidgets
# from mainwindow import Ui_MainWindow
from qtwidgets import PasswordEdit
from .password_generator import password_validatation
class Login(QtWidgets.QDialog):
def __init__(self, parent=None):
super(Login, self).__init__(parent)
self.textName = QtWidgets.QLineEdit(self)
self.textPass = PasswordEdit()
self.buttonLogin = QtWidgets.QPushButton('Login', self)
self.buttonLogin.clicked.connect(self.handleLogin)
layout = QtWidgets.QVBoxLayout(self)
layout.addWidget(self.textName)
layout.addWidget(self.textPass)
layout.addWidget(self.buttonLogin)
def handleLogin(self):
password = password_validatation(self.textPass.text())
if (self.textName.text() == 'user_name' and
self.textPass.text() == True):
self.accept()
else:
QtWidgets.QMessageBox.warning(
self, 'Error', 'Bad user or password!')
class Window(QtWidgets.QMainWindow):
def __init__(self, parent=None):
super(Window, self).__init__(parent)
# self.ui = Ui_MainWindow()
# self.ui.setupUi(self)
def main():
import sys
app = QtWidgets.QApplication(sys.argv)
login = Login()
if login.exec_() == QtWidgets.QDialog.Accepted:
window = Window()
window.show()
sys.exit(app.exec_())
if __name__ == '__main__':
main()
使用keyring保存的密码已保存在操作系统密码的“安全存储”中
是的,它依赖于操作系统自身的安全机制
如果有人可以访问您计算机上的会话,他们可以使用或不使用代码访问安全存储。您的代码没有明显的安全缺陷,此时您的安全性仅限于操作系统的会话访问
相关问题 更多 >
编程相关推荐