#20917: Change the password hashers when testing
-----------------------------------+--------------------
     Reporter:  mjtamlyn           |      Owner:  nobody
         Type:  New feature        |     Status:  new
    Component:  Testing framework  |    Version:  master
     Severity:  Normal             |   Keywords:
 Triage Stage:  Unreviewed         |  Has patch:  0
Easy pickings:  0                  |      UI/UX:  0
-----------------------------------+--------------------
 Disclaimer: I'm not completely sure this is a good idea as a default.

 The default password hasher is very secure, and very slow to create
 passwords. This is never an issue in production, but in testing it is
 *amazingly* slow. Most of the time using the unsalted MD5 hasher as
 `settings.PASSWORD_HASHERS[0]` has resulted in a six-fold increase in
 speed in my test suites. To be honest, I think we could use a "non-
 hashing" hasher in these cases.

 I'd like to change the "default" to insert this new non-hashing hasher as
 `settings.PASSWORD_HASHERS[0]` during `setup_test_environment()`. For
 anyone who does not know about this trick, their test suites will
 automatically speed up. Any tests expecting a certain hasher to have been
 used when creating would fail in a backwards-incompatible manner. Any
 fixtures or similar with passwords created using another hasher would
 still be valid, but would then update to be the raw password on success.
 Of course, to validate these passwords the password text would need to be
 included in plain text in the test suite (see #20916 for an alternative
 solution to this issue).

 Other comparable setting changes done in this way include: turning off
 translations, using the console email backend, removing allowed_hosts
 checking, turning debug off.

 Am I mental, or is this a sensible optimisation?

-- 
Ticket URL: <https://code.djangoproject.com/ticket/20917>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
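
The hasher-list behaviour the ticket relies on (new passwords use the first entry of the list, and a password verified with a later entry is re-hashed with the first on success), as an added example that is not part of the ticket and is not Django's code. It is a simplified standard-library model: the function names mirror the idea only, and the `algorithm$salt$digest` format, `ITERATIONS`, `PRODUCTION_ORDER`, `TEST_ORDER` and `time_user_creation` are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # assumed work factor for the slow hasher in this model

# Hasher orderings; the first entry is the preferred one (as with PASSWORD_HASHERS[0]).
PRODUCTION_ORDER = ["pbkdf2_sha256", "unsalted_md5"]
TEST_ORDER = ["unsalted_md5", "pbkdf2_sha256"]  # fast hasher first, tests only


def encode(algorithm, password, salt=""):
    """Return 'algorithm$salt$digest' (a constructed format for this model)."""
    if algorithm == "pbkdf2_sha256":
        salt = salt or os.urandom(8).hex()
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt.encode(), ITERATIONS
        ).hex()
    elif algorithm == "unsalted_md5":
        salt, digest = "", hashlib.md5(password.encode()).hexdigest()
    else:
        raise ValueError(f"unknown hasher: {algorithm}")
    return f"{algorithm}${salt}${digest}"


def make_password(password, hashers):
    """New passwords always use the first hasher in the list."""
    return encode(hashers[0], password)


def check_password(password, encoded, hashers, setter=None):
    """Verify with the hasher named in the stored value; on success, re-hash
    with the preferred hasher if the stored value used a different one."""
    algorithm, salt, _ = encoded.split("$", 2)
    if algorithm not in hashers:
        return False
    ok = hmac.compare_digest(encode(algorithm, password, salt), encoded)
    if ok and setter is not None and algorithm != hashers[0]:
        setter(make_password(password, hashers))
    return ok


def time_user_creation(hashers, users=5):
    """Seconds spent hashing passwords for `users` constructed test users."""
    start = time.perf_counter()
    for i in range(users):
        make_password(f"constructed-password-{i}", hashers)
    return time.perf_counter() - start
```

The re-hash on successful login is why the fast ordering belongs only in test settings: under it, every stored hash that gets verified is rewritten with the weak first hasher.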
