Re: Suggestion for starting contribution to Django

2020-09-03 Thread Shekhar Gyanwali
Hi Faraz, Django Chat podcast episode *Contributing to Django* helped me a lot, where Carlton and Will talked about what the journey could be like for beginners. Hope that helps. Cheers Shekhar On Fri, Sep 4, 2020 at 4:58 AM Faraz Khan wrote: >

Re: Suggestion for starting contribution to Django

2020-09-03 Thread Faraz Khan
Thank you! I'll look into this. On Thu, Sep 3, 2020 at 10:59 PM Carlton Gibson wrote: > > Here’s a link to the issue tracker, showing the open tickets for > contrib.staticfiles. > > Of course I then fail to paste the link. > > Here’s the link: > >

Re: Suggestion for starting contribution to Django

2020-09-03 Thread Carlton Gibson
> Here’s a link to the issue tracker, showing the open tickets for contrib.staticfiles. Of course I then fail to paste the link.  Here’s the link: https://code.djangoproject.com/query?status=assigned=new=contrib.staticfiles=id=summary=status=component=owner=type=version=1=id C. -- You

Re: Suggestion for starting contribution to Django

2020-09-03 Thread Carlton Gibson
Hi Hasan. Welcome. Let’s see if we can get you started. Begin with the Contributing Guide: https://docs.djangoproject.com/en/3.1/internals/contributing/ You don’t have to read it all to start. Check out the Advice for New Contributors, and then see if you can get set up with the Unit

Suggestion for starting contribution to Django

2020-09-03 Thread Faraz Khan
Hello Mentors and contributors, I am an undergrad CS student. And I was actually looking for some suggestions from your side. I am planning to apply for GSoC next year. I was planning to start making contributions in Django. I am already familiar with Django and packaging, but I have never

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread Florian Apolloner
On Thursday, September 3, 2020 at 11:10:39 AM UTC+2 Adam Johnson wrote: > You could also move to use the Argon2 hasher, which does not have any > changes between versions to log out users: > https://docs.djangoproject.com/en/3.0/topics/auth/passwords/#using-argon2-with-django > Or a custom

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread Adam Johnson
You could also move to use the Argon2 hasher, which does not have any changes between versions to log out users: https://docs.djangoproject.com/en/3.0/topics/auth/passwords/#using-argon2-with-django It's also considered more secure. As the docs say: Argon2 is not the default for Django because

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread Carlton Gibson
> On 3 Sep 2020, at 10:57, Tom Forbes wrote: > > You might have a point regarding the frequency of bumping the PBKDF iteration > setting. Is bumping it 5 times in 13 months really required? It was more like 40 months. For 1.11: May 20, 2016

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread אורי
On Thu, Sep 3, 2020 at 11:57 AM Tom Forbes wrote: > You might have a point regarding the frequency of bumping the PBKDF > iteration setting. Is bumping it 5 times in 13 months really required? On > the other hand you might want to consider staying on the LTS releases and > avoid issues such as

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread אורי
Hi, To conclude, I think it would be better to change the number of iterations not every 8 months, but every 2 years (with a new LTS release). אורי u...@speedy.net On Thu, Sep 3, 2020 at 10:29 AM Florian Apolloner wrote: > I do not think there is anything to reopen because it works as

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread Tom Forbes
You might have a point regarding the frequency of bumping the PBKDF iteration setting. Is bumping it 5 times in 13 months really required? On the other hand you might want to consider staying on the LTS releases and avoid issues such as this, and the issue you’re describing is quite niche.

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread אורי
Hi, On Thu, Sep 3, 2020 at 11:23 AM Shai Berger wrote: > > Please be aware that this is a security issue. The passwords are > encrypted as protection for the case that they fall into the hands of > an attacker, but for this protection to be effective, it must stay hard > and costly to

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread Shai Berger
Hi Uri and all, On Thu, 3 Sep 2020 08:37:42 +0100 Adam Johnson wrote: > I agree with Florian. > Me too. > The occasional forced logout is probably fine. If you care about this > enough Uri, you could write a blog post documenting your patch and > how to use it when upgrading Django. > But:

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread Adam Johnson
I agree with Florian. The occasional forced logout is probably fine. If you care about this enough Uri, you could write a blog post documenting your patch and how to use it when upgrading Django. On Thu, 3 Sep 2020 at 08:29, Florian Apolloner wrote: > I do not think there is anything to reopen

Re: Logging in from one browser logs me out from other browsers (after any change in PBKDF2PasswordHasher.iterations)

2020-09-03 Thread Florian Apolloner
I do not think there is anything to reopen because it works as designed. Password changes cause other browser sessions to be terminated because the session auth hash no longer matches. You can use a custom user model and override `get_session_auth_hash` but the defaults won't change, sorry.