Django authentication security check against LDAP

2017-05-03 Thread Uzair Tariq
While studying the Authentication Views in Django I came across some of the built-in views, including the password reset view. I got the hang of its basic working mechanism; while reading the documentation I encountered the line promoting the use of *set_unusable_password()* in Django authentication

Re: authentication security

2009-12-21 Thread macdd
On Dec 21, 10:35 am, Eric Chamberlain wrote: > On Dec 18, 2009, at 7:58 PM, macdd wrote: > > > I am reading the django book. I just finished the chapter on > > authentication. I get the gist of it. What I don't understand is the > > overall security of authentication. If everything

Re: authentication security

2009-12-21 Thread Eric Chamberlain
On Dec 18, 2009, at 7:58 PM, macdd wrote: > I am reading the django book. I just finished the chapter on > authentication. I get the gist of it. What I don't understand is the > overall security of authentication. If everything you do is passed as > plain text then it isn't very secure. Okay so

Re: authentication security

2009-12-18 Thread James Bennett
On Fri, Dec 18, 2009 at 6:58 PM, macdd wrote: > plain text then it isn't very secure. Okay so https comes in. What I > don't understand is when to use it and when not to. It seems like if > you authenticate over https just for user credentials and then go back > to http

authentication security

2009-12-18 Thread macdd
I am reading the django book. I just finished the chapter on authentication. I get the gist of it. What I don't understand is the overall security of authentication. If everything you do is passed as plain text then it isn't very secure. Okay so https comes in. What I don't understand is when to

Re: HIPAA, Django and User Authentication/Security

2009-03-12 Thread Mario
Peter, I don't disagree with you. However, based on Glen's security report (I suspect they are using Nessus/Retina to produce the scan result, i.e. CVE - Common vulnerabilities and exposure), his question was: Does anyone know where to find such "stamp of approval" or "denial" from HIPAA's

Re: HIPAA, Django and User Authentication/Security

2009-03-12 Thread Peter Herndon
> You speak > of HIPAA which translates to FISMA requirements. I suspect they are complementary, not equivalent. > I assume your web > application i.e. MYSQL will be storing Personal Identifiable > Information (PII) such as SSN, etc... In this case, you may have a tough > battle getting your web

Re: HIPAA, Django and User Authentication/Security

2009-03-12 Thread Peter Herndon
Hi Glen, I am not a lawyer, so please bear that in mind. However, I do work for a major hospital, and have some experience with making IT systems compliant with HIPAA regulations. That said, it's been a few years since I was involved in that directly. So my experience may well be out of date.

Re: HIPAA, Django and User Authentication/Security

2009-03-12 Thread Mario
Jarvis, If you are looking for a 'Stamp of Approval', you may be looking at the wrong place. Django is an "Open Source" web framework which hasn't been formally certified and accredited by the US Government. You speak of HIPAA which translates to FISMA requirements. I assume your web

HIPAA, Django and User Authentication/Security

2009-03-12 Thread Glen Jarvis
I have a customer who has a Django application that I have upgraded to Django 1.1. The customer wants to take this software in a more public arena. He has to get HIPAA approval. The data is stored in a MySQL database and the standard Django User Authentication model is used (out of the box