Re: Django password reset modification

2011-05-07 Thread Amanjeev Sethi
I second that. Email is the 'postcard' of the internet world. I wouldn't
send plain text password through email(s) even while running HTTPS web based
email services.



On Sat, May 7, 2011 at 11:27 AM, Andy McKay  wrote:

>
> On 2011-05-05, at 9:36 PM, Phui-Hock wrote:
>
> On May 6, 4:22 am, Shawn Milochik  wrote:
>
> This is a bad idea for multiple reasons. Don't do it.
>
>
> Huh, care to explain, please?
>
>
> Because it means you are storing passwords in plain text. There are
> multiple posts on the internet about this. Here's a couple:
>
>
> http://blog.moertel.com/articles/2006/12/15/never-store-passwords-in-a-database
>
> http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html
>
>
> 
> --
>   Andy McKay
>   a...@clearwind.ca
>   twitter: @andymckay
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>



-- 
AJ




Re: Django password reset modification

2011-05-07 Thread Andy McKay

On 2011-05-05, at 9:36 PM, Phui-Hock wrote:

> On May 6, 4:22 am, Shawn Milochik  wrote:
>> This is a bad idea for multiple reasons. Don't do it.
> 
> Huh, care to explain, please?

Because it means you are storing passwords in plain text. There are multiple 
posts on the internet about this. Here's a couple:

http://blog.moertel.com/articles/2006/12/15/never-store-passwords-in-a-database
http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html

--
  Andy McKay
  a...@clearwind.ca
  twitter: @andymckay
 




Re: Django password reset modification

2011-05-06 Thread Andre Terra
What you *can* do is e-mail the user with a link to reactivate his password,
possibly requesting that he gives the right reply to a secret question. It's
a good compromise between ease and security.

On Fri, May 6, 2011 at 2:01 PM, DrBloodmoney  wrote:

> On Fri, May 6, 2011 at 12:36 AM, Phui-Hock  wrote:
> > On May 6, 4:22 am, Shawn Milochik  wrote:
> >> This is a bad idea for multiple reasons. Don't do it.
> >
> > Huh, care to explain, please?
>
> Please Please Please do not send plain text passwords via email. Please.
>




Re: Django password reset modification

2011-05-06 Thread DrBloodmoney
On Fri, May 6, 2011 at 12:36 AM, Phui-Hock  wrote:
> On May 6, 4:22 am, Shawn Milochik  wrote:
>> This is a bad idea for multiple reasons. Don't do it.
>
> Huh, care to explain, please?

Please Please Please do not send plain text passwords via email. Please.




Re: Django password reset modification

2011-05-05 Thread Phui-Hock
On May 6, 4:22 am, Shawn Milochik  wrote:
> This is a bad idea for multiple reasons. Don't do it.

Huh, care to explain, please?




Re: Django password reset modification

2011-05-05 Thread Shawn Milochik

This is a bad idea for multiple reasons. Don't do it.




Django password reset modification

2011-05-05 Thread Rich
Django framework comes with a reset password out of the box feature.
I would like to modify this to where a password is sent to the user
via e-mail. I looked at the code in django\contrib\auth\views.py.
I'm not sure how I can modify it.




Django Reset Password

The Django framework comes with support for resetting user passwords.
This is implemented for the Admin app, but it is possible to re-use
from your own screens.

URLs

The following four URLs are used in the password reset:

(r'^accounts/password/reset/$',
    'django.contrib.auth.views.password_reset',
    {'post_reset_redirect' : '/accounts/password/reset/done/'}),
(r'^accounts/password/reset/done/$',
    'django.contrib.auth.views.password_reset_done'),
(r'^accounts/password/reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$',
    'django.contrib.auth.views.password_reset_confirm',
    {'post_reset_redirect' : '/accounts/password/done/'}),
(r'^accounts/password/done/$',
    'django.contrib.auth.views.password_reset_complete'),

Templates

The following five templates are required. These are the templates for
the four urls pointed to from the urlpatterns above, plus one template
for the email.

* registration/password_reset_complete.html
* registration/password_reset_confirm.html
* registration/password_reset_done.html
* registration/password_reset_form.html
* registration/password_reset_email.html
