
How to store a password properly on GAE when someone registers?


For example:

username:zjm1126
password:11

I store the password in the datastore on GAE. When I look at the data view at /_ah/admin, I can see the passwords of everyone who has registered.

Is it safe to do so? If not, how do I store it properly?

And the check_password method is:

user=MyUser.get_by_key_name(self.request.get('username'))
if user.password == self.request.get('password'):
    session['user.key']=str(user.key())
else:
    raise Exception('error 404')

Solution

  • You should never store a password in plain text.

    Use an irreversible data hashing algorithm, like SHA or MD5.

    Here is how you can create a hash in python:

    from hashlib import sha256
    import secrets

    # per-user random key; the stdlib 'random' module is not meant for security
    # use, so 'secrets' is used here instead (swapped in when making this runnable)
    random_key = secrets.token_hex(16)
    # hashlib needs bytes, and hexdigest() gives a string you can store
    hashed = sha256(('%s%s%s' % ('YOUR SECRET KEY', random_key, password)).encode('utf-8')).hexdigest()
    

    You should also store the random key and hash the user-supplied password similarly.
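Putting the answer's advice into a form that can be stored and checked, as an added example that is not code from the question or the answer: it keeps the answer's site-wide secret key plus a per-user random key, but goes beyond it by using PBKDF2-HMAC-SHA256 (hashlib.pbkdf2_hmac) in place of a single SHA-256 call and by comparing digests in constant time. The function names, the record format and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed record layout (not from the page): algorithm$iterations$salt$hash,
# so the salt and parameters are stored next to the hash, as the answer advises.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 100_000


def derive_key(password, salt_hex, pepper, iterations=ITERATIONS):
    """Hash one password with a per-user salt and a site-wide secret key (pepper)."""
    # The pepper is mixed in as an HMAC key rather than by string concatenation,
    # so "ab"+"c" and "a"+"bc" can never collide the way '%s%s%s' joins can.
    peppered = hmac.new(pepper.encode("utf-8"), password.encode("utf-8"),
                        hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, bytes.fromhex(salt_hex),
                               iterations).hex()


def make_password_record(password, pepper):
    """Build the string to store in the datastore instead of the plain-text password."""
    salt_hex = secrets.token_hex(16)  # 128-bit random key, unique per user
    key_hex = derive_key(password, salt_hex, pepper)
    return "$".join([ALGORITHM, str(ITERATIONS), salt_hex, key_hex])


def check_password(record, password, pepper):
    """Re-derive from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, stored_hex = record.split("$")
        iterations = int(iterations)
    except ValueError:  # malformed or truncated record
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = derive_key(password, salt_hex, pepper, iterations)
    return hmac.compare_digest(candidate, stored_hex)


if __name__ == "__main__":
    PEPPER = "YOUR SECRET KEY"  # constructed placeholder; keep it out of the datastore
    record = make_password_record("11", PEPPER)
    print(record)
    print(check_password(record, "11", PEPPER))  # True
    print(check_password(record, "12", PEPPER))  # False
```

The value shown by the /_ah/admin data view is then the record string, which reveals neither the password nor the secret key.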