On Jan 6, 10:37 am, Luke Plant <l.plant...@cantab.net> wrote:
> On Wednesday 06 January 2010 04:24:15 Elias Torres wrote:
> > Thanks Luke for your explanation. I think I have learned something
> > here in terms of my own application security independent of
> > Dja
On Jan 5, 2:33 pm, Luke Plant <l.plant...@cantab.net> wrote:
> On Tuesday 05 January 2010 16:53:17 Elias Torres wrote:
>
> > Simon,
>
> > I'm not a security expert by any means, but I really the fact that
> > you're making use of HMACs in your design. I will ask a
oops.. I mean really *like*. Thanks.
On Jan 5, 12:09 pm, Karen Tracey <kmtra...@gmail.com> wrote:
> On Tue, Jan 5, 2010 at 11:53 AM, Elias Torres <el...@torrez.us> wrote:
>
> > I'm not a security expert by any means, but I really the fact that
> > you're maki
of discovering people's passwords with a dump from a Django
application is really small.
[1] http://benlog.com/articles/2008/06/19/dont-hash-secrets/
[2] http://code.djangoproject.com/svn/django/trunk/django/contrib/auth/models.py
Regards,
Elias Torres
On Jan 4, 7:47 am, Simon Willison <