On 11/30/06, Felix Ingram <[EMAIL PROTECTED]> wrote:
> The 'right' way of securing an application is very much dependent on
> the application itself and the function it is trying to perform.
> Storing password hashes is a way to mitigate the risks associated with
> someone gaining access to the database. There may be cases where this
> is not appropriate.

And in those cases, someone who doesn't want a hashed password can easily write a custom auth backend (which is an extremely simple thing to do), or a user profile module which stores the plaintext password.

In general, I think this is a tradeoff we've had to make to have Django be as useful as it is -- the goal isn't to satisfy *every* case out of the box, but to satisfy *common* cases out of the box with the ability to extend things as needed. And in my experience doing web development, wanting secure password storage is the much more common case ;)

--
"May the forces of evil become confused on the way to your house."
  -- George Carlin