#14445: Use HMAC and constant-time comparison functions where needed in Django
------------------------------------+---------------------------------------
Reporter: lukeplant | Owner: nobody
Status: new | Milestone:
Component: Uncategorized | Version: 1.2
Resolution: | Keywords:
Stage: Unreviewed | Has_patch: 0
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
------------------------------------+---------------------------------------
Changes (by lukeplant):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
Notes on patch:

* In most cases actually raising `PendingDeprecationWarning` wouldn't be
  helpful, so I haven't done that.
* In every case there are tests for the hashes produced by Django 1.2
  still being accepted.
* To make better tests for `FormWizard` I had to move the `tests.py` to a
  `tests/__init__.py` in order to create a `tests/templates` directory. The
  new tests are:
  * `FormHmacTests`
  * `PreviewTests`: test_form_submit_django12_hash,
    test_form_submit_django12_hash_custom_hash
  * `WizardTests`: test_bad_hash, test_good_hash_django12,
    test_good_hash_django12_subclass, test_good_hash_django13

There are other uses of MD5/SHA1 that I haven't changed, because they are
not an application of MAC (for example, the generation of unique keys in
django/template/loaders/cached.py).
--
Ticket URL: <http://code.djangoproject.com/ticket/14445#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
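
The two points in this ticket, HMAC with constant-time comparison and continued acceptance of older hashes, shown as an added example; it is not Django's code and not the patch attached to the ticket. The function names, the salt parameter, the secret and the legacy construction (MD5 over data plus secret) are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-secret-key"  # constructed sample value, not a real key


def legacy_tag(data, secret=SECRET):
    """Assumed stand-in for an older scheme: plain MD5 over data + secret."""
    return hashlib.md5(data + secret).hexdigest()


def hmac_tag(data, salt, secret=SECRET):
    """HMAC-SHA256 tag. The salt derives a separate key per use, so a tag
    issued for one purpose does not verify for another."""
    key = hashlib.sha256(salt + secret).digest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(data, tag, salt, accept_legacy=True):
    """Return "hmac", "legacy" or None for a user-supplied tag."""
    supplied = tag.encode("utf-8")  # bytes, so non-ASCII input cannot raise
    # compare_digest does not stop at the first mismatching byte. Both
    # comparisons run before branching, so the work done does not depend
    # on which scheme (if any) the supplied tag matches.
    ok_new = hmac.compare_digest(supplied, hmac_tag(data, salt).encode())
    ok_old = hmac.compare_digest(supplied, legacy_tag(data).encode())
    if ok_new:
        return "hmac"
    if ok_old and accept_legacy:
        return "legacy"
    return None


if __name__ == "__main__":
    form = b"name=alice&step=1"  # constructed form payload
    for label, tag in [("current", hmac_tag(form, b"wizard")),
                       ("legacy", legacy_tag(form)),
                       ("other salt", hmac_tag(form, b"preview")),
                       ("truncated", hmac_tag(form, b"wizard")[:10])]:
        print(label, "->", verify(form, tag, b"wizard"))
```

Passing `accept_legacy=False` shows the state after the transition period, when only HMAC tags verify.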