Hi, I've started using Django recently and when I've used the auth module I noticed that it only verifies a plain text password. I'm not comfortable with this behaviour as it means that passwords have to be sent by login forms in plain text.
In previous projects of mine I've used a solution that sent involved comparing a hash value of a given salt with the hash of the password (which is stored in the database). A salt is sent with the login form and upon submission, using javascript the salt is concated with a hahed password and then both of them are hashed again. The same thing happens in the server-side and only the result hashes are compared. This eliminates the need to send the password in plain-text in the login forms and adds extra security. Is it possible to such thing with the current auth module? if not how hard it will be to add such functionality to the current module/write a new authentication backend for it? Thanks, Guy Rutenberg --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
