Re: [Django] #16860: Provide hooks for password policy

Thu, 29 Sep 2011 18:08:40 -0700 

#16860: Provide hooks for password policy
------------------------------+------------------------------------
     Reporter:  PaulM         |                    Owner:  nobody
         Type:  New feature   |                   Status:  new
    Component:  contrib.auth  |                  Version:  1.3
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Accepted
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  0             |                    UI/UX:  0
------------------------------+------------------------------------
Description changed by PaulM:

Old description:

> While it is possible to change the validation for new passwords by
> subclassing the form, I think that Django should provide a more friendly
> interface for this. We should have a pluggable password authentication
> framework which enforces no rules by default, but comes with several
> reasonable example policies which may be enabled.
>
> Problems to be solved include:
>
>  * Informing the user of the various password requirements
>  * Allowing policies to chain together smoothly
>  * Provide flexibility for complex requirements (some may include their
> own models)
>  * Backwards compatibility
>  * Javascript validation assistance (someday, maybe?)
>  * HTML5 support (i.e. the pattern attribute)

New description:

 While it is possible to change the validation for new passwords by
 subclassing the form, I think that Django should provide a more friendly
 interface for this. We should have a pluggable password authentication
 framework which enforces no rules by default, but comes with several
 reasonable example policies which may be enabled.

 Problems to be solved include:

  * Informing the user of the various password requirements
  * Allowing policies to chain together smoothly
  * Provide flexibility for complex requirements (some may include their
 own models)
  * Backwards compatibility
  * Javascript validation assistance (someday, maybe?)
  * HTML5 support (i.e. the pattern attribute)
  * Support for various rate-limiting and lockout schemes
  * support for adding captchas (maybe)

--

-- 
Ticket URL: <https://code.djangoproject.com/ticket/16860#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Reply via email to