In fact, there is an accepted 
ticket: https://code.djangoproject.com/ticket/16860

It may be better to try out the "AppConfig setting" route as discussed 
in https://groups.google.com/d/topic/django-developers/qnnCLppwA3o/discussion 
rather than adding a new top level setting.

Perhaps you can try to address some of the questions posed in that ticket 
as well.

On Tuesday, August 5, 2014 1:09:02 PM UTC-4, Keith Hackbarth wrote:
>
> First of all, apologies in advance if this is not the right place for this 
> or if this topic has already been brought up. Long time listener, first 
> time caller.
>
> I would like to propose having some sort of password validation layer that 
> can be activated every time a user's password is created or changed.
>
>
> Here's the core of my problem:
>
> I've worked on a few different Django-based applications. Where possible, 
> we've tried to leverage the contrib.auth module when it comes to user 
> management. Eventually, we will fall under some sort of compliance (SOX, 
> PCI, HIPAA, etc.) and need to enact the security best practices. These 
> *always* include enforcing password length, complexity, etc.
>
> My problem is there ends up being a bunch of places where the password can 
> be changed: our website via emailed password reset, our website via 
> password change form, the admin console, our REST api for mobile, etc. I 
> end up needing to create a bunch of custom override forms and functions. 
> And make sure our other team members know to do the same.
>
> I've come up with a few solutions that I'd love to share with the 
> community. However, the level that they are implemented at makes them 
> difficult to just include in Django as a separate third-party module / 
> application.
>
> Anyway, looking through various forums, I see that I'm not the first 
> person to have this problem. I was wondering what people thought about 
> having a configurable password validation function that gets called within 
> auth every time a password is changed?
>
> In settings.py it could look like this:
>
> AUTH_PASSWORD_VALIDATION = 'account_mgnt.validators.password'
>
> by default it would be 
>
> AUTH_PASSWORD_VALIDATION = None

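An added sketch of the mechanism proposed in the quoted message (not code from the thread, from ticket 16860, or from Django): a dotted-path setting is resolved to a callable and run inside the one method that every password change passes through. The `User` class, `load_validator`, the `example_validators` module and the sample policy are constructed for illustration and assume no Django install.

```python
import hashlib
import importlib
import os
import sys
import types

def length_and_complexity(password):
    """Constructed sample policy: 12+ characters, not letters-only or digits-only."""
    if len(password) < 12:
        raise ValueError("password must be at least 12 characters")
    if password.isalpha() or password.isdigit():
        raise ValueError("password must not be only letters or only digits")

# In-memory stand-in for a project validators module, so this runs offline.
_validators = types.ModuleType("example_validators")
_validators.password = length_and_complexity
sys.modules[_validators.__name__] = _validators

# Hypothetical setting modelled on the proposal; None turns validation off.
AUTH_PASSWORD_VALIDATION = "example_validators.password"

def load_validator(dotted_path):
    """Resolve 'package.module.callable' to the callable, or None if unset."""
    if dotted_path is None:
        return None
    module_path, _, attr = dotted_path.rpartition(".")
    validator = getattr(importlib.import_module(module_path), attr)
    if not callable(validator):
        raise TypeError(f"{dotted_path} is not callable")
    return validator

class User:
    """Minimal stand-in for a user model; not contrib.auth's User."""

    def __init__(self, username):
        self.username = username
        self.password = None

    def set_password(self, raw_password, setting=AUTH_PASSWORD_VALIDATION):
        # Single choke point: reset form, change form, admin and API all
        # end up here, so the policy cannot be skipped by a forgotten form.
        validator = load_validator(setting)
        if validator is not None:
            validator(raw_password)  # raises before anything is stored
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", raw_password.encode(), salt, 100_000)
        self.password = f"pbkdf2_sha256$100000${salt.hex()}${digest.hex()}"
```

Because the check raises before the hash is computed, a rejected password leaves the stored credential unchanged, whichever entry point made the call.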