Ask coding questions

← Back to all posts
Auth system
VulcanWM

I have my own signup and login system and I’m going to be using the same login system in several of my projects and I don’t want to the repeat the same code again (and MongoDB only lets me connect my cluster from 5 different places).
So I’ve decided to make an auth system (something like Repl Auth).
But I don’t know how to make something like that especially I’ve stored all my data using Python, and I’m scared that if others use it they might find out other user’s usernames and passwords.
Do you think I should make an app route in a flask app with the username and password (something like /login/<username>/<password>) and add a function which tells if the username and password is correct or not? Or should I do something else? If I should do something else, what should I do?
Thanks

Answered by HarperframeInc [earned 5 cycles]
View Answer
Voters
VulcanWM
Comments
hotnewtop
HarperframeInc

Tips:

  • POST request with an SSL certificate allows encrypted data to pass from browser to server.

  • Hash your passwords.

VulcanWM

I’ve done the password hashing bu what do you mean by the first point? @HarperframeInc

HarperframeInc
VulcanWM

Thanks I’ll try it out @HarperframeInc

RoBlockHead

I'd suggest using a system such as OAuth2 or ReplAuth as opposed to implementing a custom auth system. If you get one thing wrong with a custom system, everything will be compromised. I like the GitHub OAuth2 system because it is relatively easy to use.

VulcanWM

I’m just using this myself it’s not for other people to use @RoBlockHead