I'm agreeing with the other replies saying that if this is really needed,
it can be done as a third-party module.
As much as possible, I want to have Django avoid promoting outdated
security policies (and the fact that many places still use them doesn't
mean they're current; it means they haven't
Mehmet,
If you need such complexity validators, then they are easy to add as
package. I think the reason why Django doesn't include more is that many
use Oauth2 or other corporate authentication to validate.
You can see how this is done in one case by looking at
Hi everybody,
the information is not enough for my company in
django.contrib.auth.models.Usre and django.contrib.auth.models.Group. So I
custom User and Team model.
the auth User can be changed in the django settings by AUTH_USER_MODEL. But
the Group cannot.
Further, There are many group
2 points I forgot to mention:
1) I think it would be interesting to look at what other web frameworks are
doing, e.g., Ruby on Rails
2) If what I offered is not added, I think it makes more sense to remove
similar ones (e.g., NumericPasswordValidator) from Django to make it self
consistent.
Hey James,
Thank you for the resources you provided. I really learned a lot. Here are a
few points (references/details at the very bottom):
1) Blacklisting: Seems to be most effective, I agree. However, Django does not
seem to be up to date on this either. The list of 1000 most common password
I agree with James and Adams, password validation rules depend on business and
should not be forced by core onto developers
> On Aug 31, 2018, at 12:52 PM, Adam Johnson wrote:
>
> I agree with James, Django core shouldn't include these. If your organization
> requires you to implement such
Details are available on the Django project weblog:
https://www.djangoproject.com/weblog/2018/aug/31/bugfix-release/
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop
I agree with James, Django core shouldn't include these. If your
organization requires you to implement such practices despite their
problems, add your own password validators, and maybe distribute them in a
third party package!
On Fri, 31 Aug 2018 at 06:32, James Bennett wrote:
> This type of