#28881: Common password validator does not handle case correctly
-----------------------------------------+------------------------
Reporter: Nick Farrell | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.11
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
The CommonPasswordValidator holds a set of common passwords in memory,
after strip()ing any whitespace.
While validating a password, it converts it to lowercase before comparing
to the set. However, the reference set was not converted to lowercase.
This is not a problem when using the default set of common passwords, as
they have been preprocessed to be lowercase. However, there is nothing in
the documentation indicating this preprocessing should occur.
--
Ticket URL: <https://code.djangoproject.com/ticket/28881>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/049.912b909ca439d3f38666b2d113de4042%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
