Please,
What is the best way to implement login using Flask-Restful and SqlAlchemy (with MySql)?
I'm using it and I need to create a login page (using HTML + JS). What is the best way to capture the login information and send it to my REST API using Flask? And what is the best way to encrypt the password and save (and read) it in the database?
I made it in other technologies but not in Flask.
Thanks!
Realize that if the password implementation is not secure, the users are put at risk.
Send the password to the server with HTTPS and preferably in a POST, not in the query string where it may be logged by the server.
On the server save the password as a password verifier. Just using a hash function is not sufficient and just adding a salt does little to improve the security. Instead iterate over an HMAC with a random salt for about 100ms duration and save the salt with the hash. Better yet use a function such as PBKDF2, Rfc2898DeriveBytes, password_hash, Bcrypt, passlib.hash or similar functions. The point is to make the attacker spend a substantial amount of time finding passwords by brute force.
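As an added example of the verifier approach the answer describes (PBKDF2-HMAC with a random salt and an iteration count tuned to roughly 100 ms), here is a stdlib-only Python implementation. It is written for this post and is not code from the question, the answer, or any of the libraries named; the `USERS` dict is a stand-in for the MySQL table, and the iteration count and storage format are assumptions. The same stored string would be what a SQLAlchemy model column holds.

```python
import hashlib
import hmac
import secrets
import time

# Added example: PBKDF2-HMAC-SHA256 password verifier using only the standard
# library. USERS is an in-memory stand-in for the MySQL users table; a real app
# reads and writes the same stored string through a SQLAlchemy model column.

ALGORITHM = "pbkdf2_sha256"
SALT_BYTES = 16          # random salt per password
DKLEN = 32               # derived key length in bytes
DEFAULT_ITERATIONS = 200_000  # assumed starting point; calibrate on your hardware


def calibrate_iterations(target_seconds=0.1, probe=20_000):
    """Estimate the iteration count that makes one hash take about target_seconds.

    Matches the answer's advice to iterate for roughly 100 ms. A floor keeps a
    noisy timing measurement from ever producing a weak count.
    """
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe", secrets.token_bytes(SALT_BYTES), probe, DKLEN)
    elapsed = time.perf_counter() - start
    return max(100_000, int(probe * target_seconds / max(elapsed, 1e-6)))


def hash_password(password, iterations=DEFAULT_ITERATIONS):
    """Return a self-describing verifier: algorithm$iterations$salt$hash (hex)."""
    salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, DKLEN)
    return "$".join([ALGORITHM, str(iterations), salt.hex(), dk.hex()])


def verify_password(password, stored):
    """Recompute the hash with the stored salt and iteration count; constant-time compare."""
    try:
        algorithm, iterations, salt_hex, dk_hex = stored.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed or truncated stored value
    if algorithm != ALGORITHM or iterations <= 0:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, DKLEN)
    return hmac.compare_digest(dk, expected)


USERS = {}  # username -> stored verifier string (stand-in for the database table)


def register_user(username, password):
    """Store only the verifier, never the plaintext password."""
    if username in USERS:
        return False
    USERS[username] = hash_password(password)
    return True


def login_user(username, password):
    """Check credentials; unknown users still pay the hashing cost to avoid a timing tell."""
    stored = USERS.get(username)
    if stored is None:
        hash_password(password)
        return False
    return verify_password(password, stored)


if __name__ == "__main__":
    register_user("alice", "correct horse battery staple")
    print("login ok:", login_user("alice", "correct horse battery staple"))
    print("wrong pw:", login_user("alice", "hunter2"))
    print("suggested iterations:", calibrate_iterations())
```

In a Flask-RESTful resource, the `post` method would read the JSON body (sent over HTTPS, as the answer says), call `register_user` or `login_user` with the row loaded through SQLAlchemy, and store the returned string in a `VARCHAR` column; because the string records its own algorithm and iteration count, the count can be raised later without invalidating existing rows.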