Archive for the ‘Articles’ Category.
All too often when registering at a site I’ll get prompted with a message along the lines of: “Password must be between 6 and 12 characters long and cannot contain special characters.” The second I see that a little warning goes off in my head that they are probably storing the password as plain-text in their database or that at least they aren’t hashing it. The only other time I get so worried about website password security is when they actually send me my password in an email after registration.
The bottom-line is that there should never be a case where there are password limitations such as special characters or maximum length. Why should you care if I decide to have a dollar sign, ampersand, or apostrophe in my password? Why is that considered bad? I mean, as long as you are hashing it (like you should be), it doesn’t matter, right?
Same goes for password length. Since the hashes produced are a constant length, saying that the password would take up too much space in the database is an invalid argument. If I want my password to be the first sentence of my 6th grade report on Leif Erickson, then I should be able to. It’s all about being able to remember and there exist plenty of pass-phrases that’d be easier to remember than any 8-character long password.
What about potential DoS attack with using a really long password? That is almost a valid reason for length restriction since hashing algorithms can be quite intensive on larger bodies of text, but how difficult can it be to spot and block those users with malicious intent?
What password verification should look like
No character limitation. No maximum length limitation. What’s really left?
def is_valid_password(password, min_length=6):
return len(password) >= min_lengthIndeed, the only check that should be required is a minimum length. And even that’s a stretch. Beyond being sure that the password isn’t easily guessable, I see no reason for password restrictions in a world of fixed-length hashing.
I’ve just started learning Python WSGI (PEP-333) and thought the best way to learn would be to write some WSGI tools myself. Most recently, I chose to write a middleware application that converts all output into valid gzipped data. In this article, I will be demonstrating how my middleware gzipper works and how to implement it.
Continue reading ‘Python WSGI Middleware for automatic Gzipping’ »
Recently, I needed a quick and simple solution to buffer output of a few Python scripts. When I went to look for a module, I was astonished to find that one didn’t exist. I quickly decided to change this. In this article, we’ll discuss simple ways to buffer output using StringIO and I’ll introduce my output buffering module that I constructed.
Continue reading ‘Simple Output Buffering in Python’ »
A great thing about working in Python is that it provides you with numerous methods of string formatting and interpolation. Unfortunately, it isn’t as implicit as it is in PHP, where just using double-quotes will parse the string. In Python at the very minimum string interpolation requires the use of the modulo operator (%) or a custom-built function. In this article, we’ll discuss building a string interpolation function using the string.Template object and Python 3.0′s format method.
Continue reading ‘Near-Implicit String Interpolation in Python’ »
XOR encryption is a great solution to go with when a task requires that a piece of data is encrypted with a key when one doesn’t have the means to use a more well-rounded algorithm. I’ve used it on a few occasions with great success. In this document, we’ll discuss how to code the XOR cipher in Python and we’ll cover the pros and cons of using it.
Continue reading ‘XOR Encryption With Python’ »
The ternary operator can be incredibly useful in numerous situations in Python, which is why I’m surprised that prior to Python 2.5, there was no standard way of using one. In this article, we’ll cover the ternary operator that was added in Python 2.5 along with the numerous ways that people emulated the operator before then.
Continue reading ‘Ternary Operator in Python – People got Clever’ »
