I'm developing a Python application that requires user account management. I've looked into services like Cryptolens, but they seem way too pricey for my needs. I understand that I could set up a Flask server with a database, but I'm really concerned about security, especially since I don't have much experience in this area. What would be the best approach to securely manage user accounts?
6 Answers
Keycloak is an interesting option! You can self-host it and interact through its API—might be worth checking out if you're looking for a more robust solution.
Have you considered using Django? It has a lot of built-in features for handling user accounts and security, which can take a lot of the burden off your shoulders.
You should store a secret key in your environment to encrypt and decrypt credentials. If you decide on Flask, check out Miguel Grinberg's Flask Mega-Tutorial for a solid guide on user logins!
Here's a simple approach:
1. Create a front end for users to enter their passwords.
2. Hash those passwords and save the hashed versions in your database.
3. During login, check if the hashed input matches the stored hash.
Just make sure you never store plain text passwords in your database!
Firebase might be a good option too if you want a managed service that handles a lot of the security aspects for you.
Should I be worried about injections?