I have a flask app that stores user data in a postgres database. The user will provide a password that they will use to get access to their data. They provide this password through a react app that will communicate with a spring boot backend to retrieve the data from the postgres database. The user can share this data to others by providing a unique url and the password they used to access it. The user is aware that the password they create could be shared with others before they have their personal data stored. The user providing the password does not need to make an account and neither do the other users that get access to the data. I'm not looking to store the password as plain text.
What would be the best approach to this password storing and sharing feature?
CodePudding user response:
Your user ID is the password.
Have a page on the frontend that allows a user to generate a password. On the backend store that as a user.
Then all the data generated is keyed to that generated password/user id. When the data needs to be shared you can create a URL that links back to the generated password in a secure way which will let you figure out what data can be accessed
CodePudding user response:
Storing and sharing plaintext passwords is always a bad idea. So I would recommend some sort of a (salted) hash that is being stored and shared. See for example this blog-post about salted hashes that also contains some example code.