On 15/11/13 18:42, Erik van Zijst wrote: > How do people feel about this approach and should it be merged into > Django? If not, then I can turn it into a library instead. Maybe at our > size we're not in Django's sweet spot anymore. However, in their current > version the recommended hashers are just not usable for us.
>From my point of view, this is definitely something for an external library, not for Django itself. The additional complexity makes it much harder to review from a security point of view, and easier to make mistakes when deploying, and we want to avoid that. Also, many people will not need the additional performance, and we don't want to make it easy for people to use a less secure option just because they want a really fast site or something. It seems like this can work fine as external code, and so I can't see a reason why this needs to be in Django itself. Thanks, Luke -- "DO NOT DISTURB. I'm disturbed enough already." Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/5295D76B.8010606%40cantab.net. For more options, visit https://groups.google.com/groups/opt_out.
