If you want to get this into Django, I think you'll need to provide a solid proof of concept that shows you can work around the objections raised in this thread (graceful degradation, backwards compatibility) and, more importantly, that shows this is something actually useful and wanted.
It would be pretty easy for you to create a custom widget and authentication back-end that uses your library. Package it up, throw it on github, and see what people think. You don't need permission from the Django devs to do that. Zain On Mon, May 4, 2009 at 6:10 AM, Paul Johnston <[email protected]> wrote: > > Hi, > > > There's still a benefit, because you're sending passwords in the clear > > much less frequently--an imperfect improvement is still an > > improvement. (Similarly, self-signed SSL certificates are much more > > secure than plaintext, despite what your browser's ill-conceived > > warnings might want you to believe.) But with these limitations, it > > may not be worth the bother for most people. > > Yep, that's exactly it, it has limitations, but is an improvement. > > If my authentication library supported this out of the box, it would > be no bother, and worth it for most people. > > Paul > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
