In fact, there is an accepted 
ticket: https://code.djangoproject.com/ticket/16860

It may be better to try out the "AppConfig setting" route as discussed 
in https://groups.google.com/d/topic/django-developers/qnnCLppwA3o/discussion 
rather than adding a new top level setting.

Perhaps you can try to address some of the questions posed in that ticket 
as well.

On Tuesday, August 5, 2014 1:09:02 PM UTC-4, Keith Hackbarth wrote:
>
> First of all, apologies in advance if this is not the right place for this 
> or if this topic has already been brought up. Long time listener, first 
> time caller.
>
> I would like to propose having some sort of password validation layer that 
> can be activated every time a user's password is created or changed.
>
>
> Here's the core of my problem:
>
> I've worked on a few different Django-based applications. Where possible, 
> we've tried to leverage the contrib.auth module when it comes to user 
> management. Eventually, we will fall under some sort of compliance (SOX, 
> PCI, HIPAA, etc.) and need to enact the security best practices. These 
> *always* include enforcing password length, complexity, etc.
>
> My problem is there ends up being a bunch of places where the password can 
> be changed: our website via emailed password reset, our website via 
> password change form, the admin console, our REST api for mobile, etc. I 
> end up needing to create a bunch of custom override forms and functions. 
> And make sure our other team members know to do the same.
>
> I've come up with a few solutions that I'd love to share with the 
> community. However, the level that they are implemented at makes them 
> difficult to just include in Django as a separate third-party module / 
> application.
>
> Anyway, looking through various forums, I see that I'm not the first 
> person to have this problem. I was wondering what people thought about 
> having a configurable password validation function that gets called within 
> auth every time a password is changed?
>
> In settings.py it could look like this:
>
> AUTH_PASSWORD_VALIDATION = 'account_mgnt.validators.password'
>
> by default it would be 
>
> AUTH_PASSWORD_VALIDATION = None
>
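
An added example (not from the original post, and not Django's own code) of the hook the quoted proposal describes: the dotted path in `AUTH_PASSWORD_VALIDATION` is resolved and called inside `set_password`, so the reset flow, change form, admin and API all hit the same check. The `SETTINGS` dict, the `User` class, the `load_validator` helper and the sample policy are assumptions made for illustration; the default stays `None`, as in the proposal.

```python
import hashlib
import importlib
import os
import re
import sys
import types

SETTINGS = {"AUTH_PASSWORD_VALIDATION": None}  # stand-in for settings.py


def password(raw_password):
    """Constructed sample policy: 12+ chars with upper, lower and digit."""
    problems = ["shorter than 12 characters"] if len(raw_password) < 12 else []
    for label, pattern in (("uppercase", "[A-Z]"), ("lowercase", "[a-z]"),
                           ("digit", "[0-9]")):
        if not re.search(pattern, raw_password):
            problems.append("no " + label + " character")
    if problems:
        raise ValueError("; ".join(problems))


# Register the policy under the dotted path from the post so the example
# runs without a real account_mgnt package on disk (constructed stand-in).
sys.modules["account_mgnt.validators"] = types.ModuleType("account_mgnt.validators")
sys.modules["account_mgnt.validators"].password = password


def load_validator(dotted_path):
    """Resolve 'pkg.module.callable'; None means validation is off."""
    if dotted_path is None:
        return None
    module_path, _, attr = dotted_path.rpartition(".")
    validator = getattr(importlib.import_module(module_path), attr)
    if not callable(validator):
        raise TypeError(dotted_path + " is not callable")
    return validator


class User:  # minimal stand-in for an auth user model, not Django's class
    def __init__(self, username):
        self.username, self.password = username, None

    def set_password(self, raw_password):
        # Single choke point: reset, change form, admin and API all call this.
        validator = load_validator(SETTINGS["AUTH_PASSWORD_VALIDATION"])
        if validator is not None:
            validator(raw_password)  # raises before anything is stored
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", raw_password.encode(), salt, 100_000)
        self.password = salt.hex() + "$" + digest.hex()
```

Because the validator raises before the hash is computed, a rejected password leaves the previously stored value untouched.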
