On Wed, Apr 20, 2016 at 07:42:26AM -0700, Arun S wrote:
> For ex, adding the Django Code Snippet for handling User names in the Login 
> Page :
> 
> default_username = (unicodedata.normalize('NFKD', default_username)
> So Django does follow Normalizing of Usernames using NFKD Algorithm.
> Then applies Hashing Algorithms on this.

Not really – the line of code you quoted above is only used to
generate the default username in the createsuperuser management
command, based on the current system account. The purpose there is to
turn a string that potentially contains diacritics or other non-ASCII
characters into a stripped-down ASCII-only version.

The only other uses of Unicode normalization I found in Django are a
similar case when slugifying strings, code that truncates strings to a
certain length (where normalization is used to ensure that combining
marks do not count as separate characters), and the handling of the
decimal separator in decimal numbers.

So no, Django does not normalize usernames. Django does not normalize
anything, other than when stripping out all non-ASCII characters and
diacritic marks from strings.

> *But the same is never followed for Passwords.*
> Is this done on Purpose that the HASHING algorithm takes care of whatever 
> required and Normalization isn't quite required for such purpose.
> 
> Even the Django Documentation doesn't talk about Unicode Normalizing on 
> Passwords but you can still find it for Other forms of Text inputs.

For the record, I personally think Unicode normalization is a
reasonable feature request for Django, if nothing else, then at least
because of the example with Unicode in passwords. However, I'm not
certain at the moment which layers of Django deal with bytestrings,
and which handle Unicode objects, and I have no idea where such
handling would belong.

I think it might be a good idea to bring this up on django-developers@
to see if other people think it is worth including in Django core or
not. I would recommend describing specific cases where normalization
is necessary. If this is just a hypothetical request, “just in case”
some client sends denormalized requests (or with unusual
normalization), but there are no actual existing client
implementations that would do that, it's probably not worth the
effort.

Regards,

Michal
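
The case discussed in this thread, as an added example that is not part of the original message and not Django's own code: the same visible password sent in composed and decomposed Unicode form produces different hashes unless it is normalized before hashing. The function names, the salt, the iteration count and the choice of NFKD for passwords are assumptions made for this illustration.

```python
import hashlib
import hmac
import unicodedata

SALT = b"constructed-demo-salt"  # constructed value; a real system uses a random per-user salt
ITERATIONS = 100_000             # constructed value for the demo


def ascii_fold(text):
    """Strip diacritics and other non-ASCII characters after NFKD decomposition,
    the kind of ASCII-only reduction the thread describes for the default
    superuser name (hypothetical helper, not Django's function)."""
    decomposed = unicodedata.normalize("NFKD", text)
    return decomposed.encode("ascii", "ignore").decode("ascii")


def hash_password(password, normalize=None):
    """PBKDF2-HMAC-SHA256 over the UTF-8 bytes of the password.
    If `normalize` names a Unicode form, apply it before encoding."""
    if normalize is not None:
        password = unicodedata.normalize(normalize, password)
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, ITERATIONS)


def same_hash(a, b, normalize=None):
    """Constant-time comparison of the two derived hashes."""
    return hmac.compare_digest(hash_password(a, normalize), hash_password(b, normalize))


# Constructed sample: one visible password as two different clients might send it.
COMPOSED = "caf\u00e9-s3cret"     # e-acute as a single code point (NFC)
DECOMPOSED = "cafe\u0301-s3cret"  # 'e' followed by a combining acute accent (NFD)

if __name__ == "__main__":
    print("raw bytes differ:     ", COMPOSED.encode() != DECOMPOSED.encode())
    print("hashes match (raw):   ", same_hash(COMPOSED, DECOMPOSED))
    print("hashes match (NFKD):  ", same_hash(COMPOSED, DECOMPOSED, "NFKD"))
    print("ASCII-folded username:", ascii_fold("Jos\u00e9"))
```

Whichever form is chosen must be applied identically when the password is set and when it is checked, otherwise existing hashes stop verifying.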
