actually upon further reading the document it seems it specifies on how to handle unicode, it tells how unicode strings whould be stored.
if that's the case then it is not a django problem but a python problem. if you are on python 3 then you are using unicode strings, python handles that for you. if you are running on python 2 I believe django uses explicit unicode strings, you should double check that. On Wed, Apr 20, 2016 at 4:32 PM, Arun S <[email protected]> wrote: > Does that mean that Unicode Normalisation is a very weak and unsecure way > for passwords? > > In this case, what is the actual Usage of Unicode Normalization ? > Why exactly do we need something like a Unicode Normalization ? > > Offcourse django provides various ways to strengthen and vallidate the > passwords. > that can be used. > > But also Observed is that the Django Code does the Unicode Normalization > for User names and Email Ids using NKFD Normalisation Algorithm. > > > On Wednesday, April 20, 2016 at 6:51:18 PM UTC+5:30, Avraham Serour wrote: >> >> in summary: "Unicode Normalization Forms are formally defined >> normalizations of Unicode strings which make it possible to determine >> whether any two Unicode strings are equivalent to each other" >> >> as I see this would be highly unsecure for passwords, this is something >> like converting special characters to latin characters, or forcing lower >> case only >> >> On Wed, Apr 20, 2016 at 4:16 PM, Arun S <[email protected]> wrote: >> >>> let me try to clear my question. >>> >>> please correct me if am wrong. >>> basically all I want to know is that there already exists a number of >>> Unicode normalization forms. >>> Reference >>> >>> Unicode normalization forms: http://unicode.org/reports/tr15/#Norm_Forms >>> >>> so as I said as a part of a company norms, the project needs to follow >>> certain csdl standards and according to that it states that all passwords >>> shall be normalised according to the ref mentioned and then convert then to >>> a utf8 which then follows thru the hashing process. >>> >>> so since the major part of the project uses djangos frameworks, I >>> believe that the user authentication methods used already applies the >>> hashing algorithms. >>> >>> but what I could not figure out is that >>> 1: does django apply any such normalization process for the user >>> passwords. >>> 2: how is it different between a normalised password and then hashed >>> with djangos hashing algorithm s and a non normalised password just saved >>> after hashing. >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Django users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at https://groups.google.com/group/django-users. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/django-users/69f70909-215e-4daa-a770-a10b3c2de63a%40googlegroups.com >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/9b11feda-914f-4516-9841-2dad8084654b%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/9b11feda-914f-4516-9841-2dad8084654b%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFWa6tJXTupQ0L3niFjJNu-ObocuEQAGcJPRd0-5JcZRf_gJ8w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
