
I want to create a webpage using django which, when requested, presents a form asking for all kinds of user input including the user password. When submitted, a concurrent task should be started, which takes the user input as arguments and does all kinds of calculations.

Note that

  1. the task has to be started concurrently, since the calculations can take a while and I want to inform the user immediately that his task has been accepted - I want to keep him up to date about his task in another view.

  2. the plaintext user password is part of the task arguments. It has to be, since the calculations involve encryption operations which rely on the password.

Now I would just use celery and django_celery_results as result backend for this goal (and already started using it), when I noticed: Whoa... django_celery_results stores the plaintext password as part of the task kwargs in the database. That's not cool. Also the whole RabbitMQ messaging of the plaintext password seems a bit insecure to me, after reading the celery security documentation. And who knows in which logs celery writes the passwords.

To sum it up: celery and other task queues do not seem to be designed to handle sensitive information as arguments. I really just need to start a simple concurrent task, update its status and store its result in the database. I want to stay purely in python3 and django. Any recommendations?

Edit:

  • I do not want to use javascript for this. I want to use serverside form validation and start the asynchronous task there.
  • Applying reduction functions, hash functions or any other transformations to the user password does not solve the problem. Whatever I supply my task queue with needs to be sufficient to perform the encryption/decryption operations and is therefore highly sensitive.
  • I am looking for a solution where the plaintext password is only stored in memory.
Michael Palm
  • I would usually just use some small js ajax request script in my views, but you could try looking at this https://docs.djangoproject.com/en/1.11/topics/class-based-views/generic-editing/#ajax-example, or simulating an ajax request like in this question: https://stackoverflow.com/questions/9110593/asynchronous-requests-with-python-requests – Juan Carlos Ramirez May 21 '19 at 19:26
  • Don't use the plain text password - apply a reduction function to the encoded password to produce a plain text string – HenryM May 21 '19 at 19:34
  • I'm not sure what kind of solution would work for you. You need to store the parameters somewhere, surely – Daniel Roseman May 21 '19 at 21:24
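The requirement stated in the question (password held only in process memory, status and result persisted) can be sketched as follows. This is an added example, not code from the question or from any of the commenters. It assumes an in-process thread pool in place of a broker, `sqlite3` as a stand-in for the Django model table, and a PBKDF2/HMAC computation as a stand-in for the real calculations; all function and table names are hypothetical.

```python
import hashlib, hmac, sqlite3, threading, uuid
from concurrent.futures import ThreadPoolExecutor

_executor = ThreadPoolExecutor(max_workers=2)   # lives in the web process, no broker
_db = sqlite3.connect(":memory:", check_same_thread=False)  # stand-in for the Django DB
_db_lock = threading.Lock()
_db.execute("CREATE TABLE task (id TEXT PRIMARY KEY, owner TEXT, status TEXT, result TEXT)")

def _set(task_id, status, result=None):
    with _db_lock:
        _db.execute("UPDATE task SET status=?, result=? WHERE id=?", (status, result, task_id))
        _db.commit()

def _run(task_id, password, payload):
    """Worker: the password arrives as a bytearray argument and is never written anywhere."""
    try:
        _set(task_id, "RUNNING")
        # Constructed stand-in for the password-dependent calculations.
        key = hashlib.pbkdf2_hmac("sha256", password, task_id.encode(), 100_000)
        _set(task_id, "SUCCESS", hmac.new(key, payload, "sha256").hexdigest())
    except Exception as exc:
        # Persist only the exception type: its message could echo the arguments.
        _set(task_id, "FAILURE", type(exc).__name__)
    finally:
        for i in range(len(password)):   # best-effort wipe of the mutable copy
            password[i] = 0

def submit(owner, password, payload):
    """Call from the form-handling view after server-side validation."""
    task_id = uuid.uuid4().hex
    with _db_lock:   # only non-secret metadata is persisted
        _db.execute("INSERT INTO task VALUES (?,?,?,?)", (task_id, owner, "PENDING", None))
        _db.commit()
    # The str from the form is immutable and cannot be wiped; the worker gets a bytearray.
    future = _executor.submit(_run, task_id, bytearray(password.encode()), payload)
    return task_id, future

def status(task_id):
    """Call from the status view; returns (status, result)."""
    with _db_lock:
        return _db.execute("SELECT status, result FROM task WHERE id=?", (task_id,)).fetchone()

def dump_db():
    """Everything that was persisted, for checking that no secret leaked into storage."""
    with _db_lock:
        return "\n".join(_db.iterdump())
```

Because the password is never persisted, a task that is still pending when the web process restarts cannot be resumed and has to be resubmitted by the user.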

0 Answers