Hashing our user passwords

Now that we know how to store passwords more securely, let's amend our create method to hash our passwords before storing them in the database. Firstly, at the top of our users.py dependency file, let's add bcrypt to our imports and add a new constant:

import bcrypt 
 
HASH_WORK_FACTOR = 15 

Our new constant, HASH_WORK_FACTOR, will be used for the rounds argument that gensalt uses. I've set it to 15, which will cause it to take slightly longer to create password hashes and check passwords, but it will be more secure. Please feel free to set this as you wish; just bear in mind that the more you increase this, the longer it will take for our application to create and authenticate users later on.
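The work factor is stored inside every bcrypt hash, so after changing HASH_WORK_FACTOR you can tell which stored hashes were created with a lower setting and should be re-hashed at the user's next successful login. The following is an added example, not code from the book: bcrypt_cost, needs_rehash and relative_cost are hypothetical helper names, the sample hashes are constructed, and it uses only the standard library.

```python
import re

HASH_WORK_FACTOR = 15  # same constant as in users.py

# Modular-crypt layout of a bcrypt hash: $2b$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(rb"\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}")


def bcrypt_cost(stored_hash: bytes) -> int:
    """Return the work factor embedded in a stored bcrypt hash."""
    match = BCRYPT_RE.fullmatch(stored_hash)
    if match is None:
        raise ValueError("not a bcrypt hash")
    cost = int(match.group(1))
    if not 4 <= cost <= 31:  # range of rounds bcrypt accepts
        raise ValueError(f"bcrypt cost out of range: {cost}")
    return cost


def needs_rehash(stored_hash: bytes, target: int = HASH_WORK_FACTOR) -> bool:
    """True when the hash was created with a lower work factor than the target."""
    return bcrypt_cost(stored_hash) < target


def relative_cost(old: int, new: int) -> float:
    """bcrypt runs 2**cost key-expansion rounds, so each +1 doubles the time."""
    return 2.0 ** (new - old)


# Constructed sample values (valid layout, not hashes of any real password).
SALT_AND_DIGEST = b"." * 22 + b"A" * 31
OLD_HASH = b"$2b$12$" + SALT_AND_DIGEST
NEW_HASH = b"$2b$15$" + SALT_AND_DIGEST

if __name__ == "__main__":
    for h in (OLD_HASH, NEW_HASH):
        print(h[:7].decode(), "cost", bcrypt_cost(h), "rehash:", needs_rehash(h))
    print("cost 15 vs 12:", relative_cost(12, 15), "times the work")
```
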

Now, outside any classes, ...
