On Fri, Jan 30, 2009 at 5:36 PM, Guy Rutenberg <guyrutenb...@gmail.com> wrote:
> I've started using Django recently and when I've used the auth module
> I noticed that it only verifies a plain text password. I'm not
> comfortable with this behaviour as it means that passwords have to be
> sent by login forms in plain text.
>
Actually in contrib.auth passwords are stored in SHA1. If you mean that
passwords are sent in plain text "over the network" then you should use https.

>>> from django.contrib.auth.models import User
>>> User.objects.get(pk=1).password
u'sha1$a0052$51520b2de8cf5aab6d8fc5bf5e7d09801376031a'

Maybe you are confused because User has a method "check_password" that
receives a parameter in plain text, but before the check your password is hashed.

M.
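The check described in the reply above, as an added example that is not part of the original message and is not Django's own code: the stored string has the layout `algorithm$salt$hexdigest`, and the submitted plaintext is hashed with the stored salt before the two digests are compared. The function names are hypothetical, and the digest is assumed to be SHA-1 over salt followed by password, as in Django releases of that period.

```python
import hashlib
import hmac
import secrets


def make_legacy_password(raw_password, salt=None):
    """Build an 'sha1$salt$hexdigest' string in the layout shown in the thread."""
    if salt is None:
        # Constructed 5-character hex salt, same length as 'a0052' in the thread.
        salt = secrets.token_hex(3)[:5]
    # Assumption: digest = SHA-1(salt + password), hex encoded.
    digest = hashlib.sha1((salt + raw_password).encode("utf-8")).hexdigest()
    return "sha1$%s$%s" % (salt, digest)


def check_legacy_password(raw_password, encoded):
    """Hash the submitted plaintext with the stored salt and compare digests."""
    try:
        algorithm, salt, stored_digest = encoded.split("$")
    except ValueError:
        # Not in algorithm$salt$hexdigest form: reject rather than raise.
        return False
    if algorithm != "sha1":
        return False
    candidate = hashlib.sha1((salt + raw_password).encode("utf-8")).hexdigest()
    # Constant-time comparison so timing does not reveal how many characters match.
    return hmac.compare_digest(candidate.encode("utf-8"),
                               stored_digest.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample password; the salt is the one visible in the thread.
    stored = make_legacy_password("s3cret", salt="a0052")
    print(stored)
    print(check_legacy_password("s3cret", stored))   # correct password
    print(check_legacy_password("guess", stored))    # wrong password
```

The server still receives the plaintext on every login, which is why the reply points to HTTPS for the transport. A single round of salted SHA-1 is fast to brute-force offline if the table leaks; current Django releases default to PBKDF2 with many iterations and keep the same `algorithm$...` prefix idea so old hashes can be upgraded on login.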