How can I mail a decrypted 'current password' to a django user just created. eg I create a customer by inheriting the User model. Hence the user name and password get saved. Once the customer details are entered and saved. While overriding the save function for the customer form I trigger the send_mail function to send the mail to the admin_email specified on the form, and send the user name and password I entered on the form. It is observed that the password sent is hashed, of course for security. Is there a way in which I could decrypt it before sending it to the customer just created? I want to send it that way only. Please guide
Asked
Active
Viewed 1,216 times
1
-
3If the password is only stored in hashed form, see e.g. [this question](http://stackoverflow.com/questions/2717950) for an explanation of why you will not be able to recover the original password. Note that there is a difference between encryption (which is reversible) and hashing (which is not). – David Z Jan 02 '12 at 05:55
-
Thank you David for pointing out the difference between encryption and hashing. – user956424 Jan 02 '12 at 07:14
1 Answers
1
Sending raw password is a bad idea, it's not secure. If user forgets his password, reset password form should be used instead of finding raw password in mail inbox.
To answer your question I could suggest using form for getting raw password. If you'll have own form, you'll get access to all user-entered text, including password. Then you'll use that password to create new user and send email.
demalexx
- 4,661
- 1
- 30
- 34