#20079: Improve security of password reset tokens
-------------------------------------+-------------------------------------
Reporter: jacob | Owner: viciu
Type: Bug | Status: assigned
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: dceu13 | Triage Stage: Ready for
Has patch: 1 | checkin
Needs tests: 0 | Needs documentation: 0
Easy pickings: 0 | Patch needs improvement: 0
| UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by erikr):
The fix for #20593 breaks PR 1218.
I have made a new PR in https://github.com/django/django/pull/1280, which
cleanly applies. The only other change I made was replace the magic number
for the number of random characters to add, with a defined
`UNUSABLE_PASSWORD_SUFFIX_LENGTH`.
--
Ticket URL: <https://code.djangoproject.com/ticket/20079#comment:12>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/063.a7d06e6e79e6b3c97e32ca83e2aa2ae8%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.
