Chris, then the password is the hash itself. It doesn't really have any
security benefits.

Disclaimer: I'm not a security expert

On 14 Jan 2017 18:24, "Chris Priest" <cp368...@ohio.edu> wrote:

> The way Django's authentication system works is that when you register,
> you send the password to the server, then the server runs that password
> through some hashing algorithms, then the resulting hash is stored in the
> database. When the user logs in, the password again is sent to the server,
> and the hash is calculated and then compared to the hash that was
> calculated when they registered.
>
> This results in the plain text password not being stored in the database,
> but the password is still being sent back to the server. A better way would
> be for the hash to be calculated on the front end, in JavaScript, and then
> sent back to be stored in the database. This way, the user *knows for sure*
> that the password isn't being saved in plain text because the server
> doesn't even know the plain text password.
>
> Has anyone ever tried building an authentication system that worked this
> way? If someone built such a thing, could it get included in django contrib?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/440694cb-853e-4150-a356-1f176f59b3c7%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

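The point made in the reply above, as an added example that is not part of the original thread or of Django's code: a server that stores the client-computed hash unchanged accepts its own database column as a credential, while one that hashes the submitted value again does not. The class names, the SHA-256 client step and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os


def client_hash(username: str, password: str) -> bytes:
    # Assumed stand-in for the proposed browser-side hashing step.
    return hashlib.sha256(f"{username}:{password}".encode()).digest()


class StoreAsSentServer:
    """Stores the client-computed hash unchanged, as the proposal describes."""

    def __init__(self):
        self.db = {}

    def register(self, user: str, submitted: bytes) -> None:
        self.db[user] = submitted

    def login(self, user: str, submitted: bytes) -> bool:
        stored = self.db.get(user)
        return stored is not None and hmac.compare_digest(stored, submitted)


class RehashingServer(StoreAsSentServer):
    """Treats the submitted value as the password and hashes it again."""

    ITERATIONS = 100_000  # constructed value for the example

    def _derive(self, submitted: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", submitted, salt, self.ITERATIONS)

    def register(self, user: str, submitted: bytes) -> None:
        salt = os.urandom(16)
        self.db[user] = salt + self._derive(submitted, salt)

    def login(self, user: str, submitted: bytes) -> bool:
        record = self.db.get(user)
        if record is None:
            return False
        salt, stored = record[:16], record[16:]
        return hmac.compare_digest(stored, self._derive(submitted, salt))


def stored_value_is_password_equivalent(server, user: str, password: str) -> bool:
    """True if the database column alone is accepted as a login credential."""
    server.register(user, client_hash(user, password))
    column = server.db[user]
    # Try the raw column and, for salted records, the part after the salt.
    return server.login(user, column) or server.login(user, column[16:])
```

Running the check against both servers shows that the server-side hash is what keeps a stored value from being usable as a login credential, whether or not the client hashes first.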