Coder Social home page Coder Social logo

safe's Introduction

Safe

Is your password safe? Safe will check the password strength for you.

image

How it works

Safe will check if the password has a simple pattern, for instance:

  1. password is in the order on your QWERT keyboards.
  2. password is simple alphabet step by step, such as: abcd, 1357

Safe will check if the password is a common used password. Many thanks to Mark Burnett for the great work on 10000 Top Passwords.

Safe will check if the password has mixed number, alphabet, marks.

Installation

Install Safe with pip:

$ pip install Safe

If pip is not available, try easy_install:

$ easy_install Safe

Usage

It's very simple to check the strength of a password:

>>> import safe
>>> safe.check(1)
terrible
>>> safe.check('password')
simple
>>> safe.check('is.safe.password')
medium
>>> safe.check('x*V-92Ba')
strong
>>> strength = safe.check('x*V-92Ba')
>>> bool(strength)
True
>>> repr(strength)
'strong'
>>> str(strength)
'password is perfect'
>>> strength.valid
True
>>> strength.strength
'strong'
>>> strength.message
'password is perfect'

Environ Variables

  1. PYTHON_SAFE_WORDS_CACHE: cache words in this file, default is a tempfile
  2. PYTHON_SAFE_WORDS_FILE: words vocabulary file, default is the 10k top passwords

Other Implementations

  1. JavaScript: lepture/safe.js

safe's People

Contributors

lepture avatar lord63 avatar raulcd avatar rnt avatar holys avatar menghan avatar aqche avatar

Stargazers

avatar ASWAD MOHAMMED HARDI avatar avatar Cédric Bonhomme avatar GAURAV avatar avatar Mike avatar Taizeng Wu avatar Bernardo Gomes avatar avatar avatar Blake avatar Jack Neus avatar avatar snowdream avatar Stoyan Shopov avatar Jonathan Lai avatar menduo avatar Wayne avatar Martin Putniorz avatar Alexey Kinev avatar avatar Scott Fleckenstein avatar SHIMIZU Taku avatar Angus H. avatar Suchan An avatar tkizm1 avatar avatar Gao, Chao avatar dupola avatar amxku avatar Braden Ehrat avatar avatar caorong avatar Damon Zhao avatar avatar shajiquan avatar tiantianquan avatar Cosmo Du avatar Lixiang Liu avatar avatar Jonathan Barratt avatar Minho Ryang avatar John Deng avatar Huy Doan avatar Zaicheng Qi avatar avatar Huy Nguyen Quang avatar Jaehoon You avatar Neal Shyam avatar Heungsub Lee avatar Marcelo Fonseca Tambalo avatar Ilya Shaisultanov avatar avatar Yuwei Ba avatar Hong Minhee (洪 民憙) avatar Wu Haotian avatar Mark Steve Samson avatar Lixin Yu avatar Avelino avatar Zhipeng Liu avatar Chao Wang avatar

Watchers

avatar avatar James Cloos avatar hbc avatar avatar

Forkers

vmlinz pythonyxy rnt holys-archive lord63-forks 343829084 pradeeps raulcd icodein defartsa23

safe's Issues

There should be a way to bypass words-cache in order to avoid permissions issues

Hi,

I have several operating system users that can access my python environment and I would like to be able to import my code from all of them. When I try to import safe I face the following issue:

  File "/my_code", line X, in <module>
    import safe
  File "python2.7/site-packages/safe/__init__.py", line 68, in <module>
    WORDS = _load_words()
  File "python2.7/site-packages/safe/__init__.py", line 63, in _load_words
    with open(_cache_file, 'wb') as f:
IOError: [Errno 13] Permission denied: '/tmp/safe-0.4.words.cache'

I am able to bypass the issue by creating a temporary file every time so my new user can import and generates a new file.

try:
   import safe
except IOError:
   os.environ['PYTHON_SAFE_WORDS_CACHE'] = os.path.join(tempfile.gettempdir(),"safe-%s.words.cache" % time.time())
   import safe

That means it creates a different file:

testrunner@7b827fc0c77e:/code$ ls -lrt /tmp/
total 392
-rw-rw---- 1 userX userX 197151 Oct 29 16:06 safe-0.4.words.cache
-rw-rw---- 1 userY userY 197151 Oct 29 16:17 safe-1572365877.62.words.cache

I've been taking a look on the performance improvements on loading the cached file or not and in my use case the benefits are not worth it.

I would prefer to have a more secure environment, do not use pickle so no-one can execute arbitrary code in case someone modifies this file, instead of having the file of words cached. As the link shows in the documentation: Warning: The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.

I think Safe should allow a way of avoiding the cache to be generated or at least not do it on import time so the application doesn't fail in my use case.

I would be happy to work on a PR if that sounds a good idea and we can reach a design agreement.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.