Secure login with Python credentials from user database


I'd like to create a secure login with Python, but I need to check the user table from a database so that multiple users can log in with their own passwords. Mainly like this; it works like a charm but is not secure, of course.

```python
import getpass
import sqlite3

while True:
    USER = input("User: ")
    PASSWORD = getpass.getpass()
    db = sqlite3.connect("test.db")
    c = db.cursor()
    # Compares the entered password with the plain-text PASSWORD column
    login = c.execute("SELECT * from LOGIN WHERE USER = ? AND PASSWORD = ?", (USER, PASSWORD))
    if (len(login.fetchall()) > 0):
        print()
        print("Welcome")
        break
    else:
        print("Login Failed")
        continue
```

So then I tried hashing the password, which also works of course, but then I can't store it in the database to check, so there is no check at all.

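```python
from passlib.hash import sha256_crypt

password = input("Password: ")
# hash() replaces encrypt(), which passlib 1.7 deprecated
hash1 = sha256_crypt.hash(password)
hash2 = sha256_crypt.hash(password)
# The two hashes differ because each call uses a new random salt
print(hash1)
print(hash2)
```

```python
import getpass
from passlib.hash import sha256_crypt

passwd = getpass.getpass("Please enter the secret password: ")
# `hash` is meant to be the stored hash for this user; this snippet never assigns it
if sha256_crypt.verify(passwd, hash):
    print("Everything worked!")
else:
    print("Try again :(")
```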

I tried like this so that the password hash would be taken from the database but with no success:

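```python
import getpass
import sqlite3
from passlib.hash import sha256_crypt

USER = input("User: ")
db = sqlite3.connect("test.db")
c = db.cursor()
# This only builds the SQL text; the query is never executed
hash = "SELECT HASH FROM LOGIN WHERE USER = %s"%USER
print(hash)
passwd = getpass.getpass("Password: ")
if sha256_crypt.verify(passwd, hash):
    print("Everything worked!")
else:
    print("Try again :(")
```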

So my question is, what is the best way to create a secure login for my program? And I do need different logins for different users as stated in the user table. I did it on MySQL before, but for testing purposes I'm now trying on sql3. So that doesn't matter, as long as I know how to approach this.


Really you should avoid doing this yourself at all. There are plenty of libraries that correctly implement this kind of authentication.

Nevertheless, the pattern to follow is like this:

<ul><li>Don't store the plain password in the database at all. When the user account is created, hash the password immediately and store that.</li> <li>When the user logs in, hash the value they enter for the password, then compare that against the value stored in the database already.</li> </ul>

(Note that for decent security, you not only need to use a modern hash algorithm but should also use a <a href="https://en.wikipedia.org/wiki/Salt_(cryptography)" rel="nofollow">salt</a>).
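
A working version of the flow described in the answer and attempted in the question, as an added example that is not part of the original post. It uses the standard library's PBKDF2 (`hashlib.pbkdf2_hmac`) in place of passlib's `sha256_crypt` so it runs without third-party packages; the `SALT` column, the function names, the iteration count and the sample accounts are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value, tune for your hardware)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash; only this value and the salt are stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user(db: sqlite3.Connection, user: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt for every account
    db.execute(
        "INSERT INTO LOGIN (USER, SALT, HASH) VALUES (?, ?, ?)",
        (user, salt, hash_password(password, salt)),
    )
    db.commit()


def check_login(db: sqlite3.Connection, user: str, password: str) -> bool:
    # Parameterized query: the user name is bound, never formatted into the SQL.
    row = db.execute(
        "SELECT SALT, HASH FROM LOGIN WHERE USER = ?", (user,)
    ).fetchone()
    if row is None:
        # Unknown user: still do the hashing work so the response time
        # does not reveal which accounts exist.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt), stored)


def demo_db() -> sqlite3.Connection:
    """In-memory database with two constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE LOGIN (USER TEXT PRIMARY KEY, SALT BLOB, HASH BLOB)")
    create_user(db, "alice", "correct horse")
    create_user(db, "bob", "correct horse")
    return db


if __name__ == "__main__":
    print(check_login(demo_db(), "alice", "correct horse"))
```

In a real program the password passed to `check_login` would come from `getpass.getpass()`, as in the question.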

