James Bennett wrote:
> Someone in the IRC channel tonight was asking why the built-in User
> model, when rendered by formfields, doesn't render the password field
> as an input of type "password", and it struck me that this is a good
> question, because there are plenty of use cases where you'd want that
> behavior to happen.
>
> The question, then, is: what would be a good way to handle this in
> Django? There are three possible responses that occur to me:
>
> 1. Allow an option in model definitions to indicate that a field is
> security-sensitive; e.g.: password = models.CharField(secure=True).
> 2. Allow an option, similar to the above, to be specified in the
> creation of custom manipulators.
> 3. Do nothing in Django itself, and advise people to just hard-code
> the appropriate input type into their templates.
hmm.. what about this:
class Passwordtest(Model):
password = meta.PasswordField(hashfn = my_password_hasher)
def my_password_hasher(password):
return
this would work the following way:
1. when it is saved (somewhere around pre_save), the hash-value would be
calculated, and that would be stored in the db
2. the admin-interface would generate a standard type-password-twice
style gui
i understand that #1 can be achieved with a normal pre-save... but the
same can be said about many of the fields (urlfield, emailfield and so
on). i think that passwords are common enough that a field dedicated for
them would be necessary.
gabor
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-developers
-~----------~----~----~----~------~----~------~--~---
