I agree that instructions should be clearer on the importance of
adding password strength rules. We can all agree there is no
one-size-fits-all solution to password strength, but a standard default
would be helpful for production.

I recently attempted to use the cracklib module on WebFaction but it
caused errors on import, so I settled on using a regex. Adding
cracklib as an external dependency may be one of the biggest concerns
here.

>>> import cracklib
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/username/.virtualenvs/env/lib/python2.5/site-packages/cracklib.py", line 28, in <module>
    from _cracklib import FascistCheck
ImportError: /home/username/.virtualenvs/env/lib/python2.5/site-packages/_cracklibmodule.so: undefined symbol: GetDefaultCracklibDict


    password1 = forms.RegexField(regex=r'[a-za-z...@#$%^&+=]{8,}',
        max_length=50,
        widget=forms.TextInput(attrs=attrs_dict),
        help_text='Password must be at least 8 characters.',
        required=True,
        label=_("Password"),
        error_messages={'invalid': "Password must be at least 8 characters, sorry."})

Tom

On Fri, Nov 26, 2010 at 12:57, Serge Spaolonzi (Cobalys.com)
<[email protected]> wrote:
> Hi,
> I have been working with Django for two years. In order to fit my
> systems' requirements I have changed some parts of the Django code. One
> of them is the Authorization Framework, where I have added the following
> features:
>
> - Password Strength Validation with cracklib.
> - Maximum Login attempts.
>
> I want to ask for those features and merge my code with the official
> Django code.
>
> This is my code for the password strength validation:
>
> Line 156 from Method clean_new_password2(self) from /django/contrib/auth/forms.py:
>
>    def clean_new_password2(self):
>        password1 = self.cleaned_data.get('new_password1')
>        password2 = self.cleaned_data.get('new_password2')
>        if password1 and password2:
>            import crack
>            # Increase the number of credits required from the default of 8 if you want.
>            crack.min_length = 8
>            try:
>                crack.VeryFascistCheck(password1)
>            except ValueError, message:
>                raise forms.ValidationError("Weak Password, %s." % str(message))
>
>            if password1 != password2:
>                raise forms.ValidationError("Passwords do not match. Please try again.")
>        return password2
>
>
> Original Method:
>
>    def clean_new_password2(self):
>        password1 = self.cleaned_data.get('new_password1')
>        password2 = self.cleaned_data.get('new_password2')
>        if password1 and password2:
>            if password1 != password2:
>                raise forms.ValidationError(_("The two password fields didn't match."))
>        return password2
>
>
> - That code I have published includes the import statement inside the
> method; I did that only to avoid posting the entire file here. The code I
> have is cleaner.
> - It requires cracklib and python-cracklib
>
>
> I have more code to publish but I want to start with this.
> Opinions?
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django developers" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/django-developers?hl=en.
>
>
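
An added example, not code from either poster or from Django: one way to keep a strength check working when cracklib fails to import, as in the traceback in the reply above. The function names, the small denylist and the sample passwords are constructed for illustration; a `VeryFascistCheck` that raises `ValueError` follows the usage quoted in the thread.

```python
try:
    import cracklib  # optional C extension; the reply above shows it failing to load
except ImportError:
    cracklib = None  # degrade to the pure-Python rules below

MIN_LENGTH = 8
# Constructed sample denylist; a real deployment would load a much larger list.
COMMON_PASSWORDS = {"password", "password1", "12345678", "qwertyuiop", "letmein123"}


def fallback_problems(password):
    """Pure-Python checks that run whether or not cracklib is available."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("must be at least %d characters" % MIN_LENGTH)
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is a commonly used password")
    if len(set(password)) < 5:
        problems.append("has too few distinct characters")
    # One constant step of -1, 0 or +1 between neighbours: "abcdefgh", "aaaaaaaa", "87654321".
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    if len(steps) == 1 and steps <= {-1, 0, 1}:
        problems.append("is a simple sequence or repeat")
    return problems


def password_problems(password, checker=cracklib):
    """Return the reasons a password is weak; an empty list means accepted.

    `checker` is any object with a cracklib-style VeryFascistCheck(password)
    that raises ValueError on a weak password, or None to skip that step.
    """
    problems = fallback_problems(password)
    if checker is not None:
        try:
            checker.VeryFascistCheck(password)
        except ValueError as exc:
            problems.append(str(exc))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("abc", "aaaaaaaa", "Password1", "blue-Kettle-42"):
        print(repr(candidate), password_problems(candidate) or "ok")
```

In a form's `clean_new_password2`, a non-empty result would be turned into a single `forms.ValidationError` listing the problems.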
