-2

I'm trying to store an password into a sqlite database here's the error: 

Traceback (most recent call last):
  File "/media/luis/Vista/Users/Administrador/PycharmProjects/PNV/sqlitetesting.py", line 33, in <module>
    """, encriptado)
TypeError: function takes exactly 1 argument (2 given)

I'm using python 2.7, sqlite3 and hashlib. Here's the code: 

    print "Password nao definida"
passadefinir = raw_input("Insira a sua password:")
clear()
passadefinir2 = raw_input("Insira novamente a sua password")
if passadefinir == passadefinir2:
    maindb.execute("DELETE FROM Password WHERE ID = 'not'")
    maindb.execute("INSERT INTO Password(ID) VALUES ('set')")
    encriptacao = hashlib.sha1(passadefinir2.encode())
    encriptado = (encriptacao.hexdigest(),)
    print (encriptado)
    maindb.executescript("""
    UPDATE Password
    SET Password = ?
    WHERE ID = 'set';
    """, encriptado)
    conn.commit()
jonrsharpe
  • 115,751
  • 26
  • 228
  • 437
Luís Duarte
  • 39
  • 1
  • 7
  • Why `maindb.executescript`? Why not just `maindb.execute`? – phd Jul 05 '17 at 19:04
  • @phd It worked replacing `maindb.executescript` to `maindb.execute`. Before this I used a script so I've forgotton to change it. Thanks – Luís Duarte Jul 05 '17 at 19:11
  • Just using a hash function is not sufficient and just adding a salt does little to improve the security. Instead iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use a function such as `PBKDF2`, `Rfc2898DeriveBytes`, `password_hash`, `Bcrypt` or similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force. – zaph Jul 05 '17 at 21:39

1 Answers1

0

Use maindb.execute instead of maindb.executescript:

maindb.execute("""
UPDATE Password
SET Password = ?
WHERE ID = 'set';
""", encriptado)
Pang
  • 9,564
  • 146
  • 81
  • 122
phd
  • 82,685
  • 13
  • 120
  • 165