#5600: Patch to enhance cryptography on django.contrib.auth
--------------------------------+-------------------------------------------
Reporter: petrilli | Owner: nobody
Status: new | Component: Contrib apps
Version: SVN | Resolution:
Keywords: auth user crypto | Stage: Design decision needed
Has_patch: 1 | Needs_docs: 0
Needs_tests: 1 | Needs_better_patch: 0
--------------------------------+-------------------------------------------
Changes (by ekarulf):
* cc: [EMAIL PROTECTED] (added)
Comment:
I submitted bug #5787, which is a specific instance of this feature
request.
I'm not a huge fan of trying to implement our own password storage system
and I would much rather implement a known standard (or provide support to
use known standards).
In the [attachment:ticket:5787:django-bcrypt.diff patch] for #5787, I
included some code that pulled the password format details out of the User
model. I like that as it clarifies the abstraction between the hashing
implementations and the User class.
My two cents:
* Pull all the password formatting out of the User model
* The convert_password addition is great, but I would rather see a second
configuration setting than a magic number of 10 (for salt length)
I'd love to see the core team make a decision on this, as the alternative
at the moment is to invalidate the user's passwords and manage them in the
user's profile.
--
Ticket URL: <http://code.djangoproject.com/ticket/5600#comment:8>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
