Re: [Django] #10777: AuthenticationForm.is_valid after validation should reset password field for security reason

2010-08-29 Thread Django
#10777: AuthenticationForm.is_valid after validation should reset password field
for security reason
-+--
  Reporter:  trebor74hr  | Owner:  nobody  
Status:  closed  | Milestone:  
 Component:  Authentication  |   Version:  SVN 
Resolution:  fixed   |  Keywords:  security
 Stage:  Design decision needed  | Has_patch:  1   
Needs_docs:  0   |   Needs_tests:  0   
Needs_better_patch:  0   |  
-+--
Changes (by SmileyChris):

  * status:  new => closed
  * resolution:  => fixed

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.



Re: [Django] #10777: AuthenticationForm.is_valid after validation should reset password field for security reason

2010-08-29 Thread Django
#10777: AuthenticationForm.is_valid after validation should reset password field
for security reason
-+--
  Reporter:  trebor74hr  | Owner:  nobody  
Status:  new | Milestone:  
 Component:  Authentication  |   Version:  SVN 
Resolution:  |  Keywords:  security
 Stage:  Design decision needed  | Has_patch:  1   
Needs_docs:  0   |   Needs_tests:  0   
Needs_better_patch:  0   |  
-+--
Comment (by SmileyChris):

 Fixed in [13498]




Re: [Django] #10777: AuthenticationForm.is_valid after validation should reset password field for security reason

2010-08-29 Thread Django
#10777: AuthenticationForm.is_valid after validation should reset password field
for security reason
-+--
  Reporter:  trebor74hr  | Owner:  nobody  
Status:  new | Milestone:  
 Component:  Authentication  |   Version:  SVN 
Resolution:  |  Keywords:  security
 Stage:  Design decision needed  | Has_patch:  1   
Needs_docs:  0   |   Needs_tests:  0   
Needs_better_patch:  0   |  
-+--
Comment (by trebor74hr):

 Is this a duplicate of #13316?




Re: [Django] #10777: AuthenticationForm.is_valid after validation should reset password field for security reason

2009-10-13 Thread Django
#10777: AuthenticationForm.is_valid after validation should reset password field
for security reason
-+--
  Reporter:  trebor74hr  | Owner:  nobody  
Status:  new | Milestone:  
 Component:  Authentication  |   Version:  SVN 
Resolution:  |  Keywords:  security
 Stage:  Design decision needed  | Has_patch:  1   
Needs_docs:  0   |   Needs_tests:  0   
Needs_better_patch:  0   |  
-+--
Comment (by SmileyChris):

 Hi kc9ddi,

 If you want to promote tickets, the django-dev Google group is a better
 place to do it.




Re: [Django] #10777: AuthenticationForm.is_valid after validation should reset password field for security reason

2009-10-13 Thread Django
#10777: AuthenticationForm.is_valid after validation should reset password field
for security reason
-+--
  Reporter:  trebor74hr  | Owner:  nobody  
Status:  new | Milestone:  
 Component:  Authentication  |   Version:  SVN 
Resolution:  |  Keywords:  security
 Stage:  Design decision needed  | Has_patch:  1   
Needs_docs:  0   |   Needs_tests:  0   
Needs_better_patch:  0   |  
-+--
Comment (by kc9ddi):

 Would strongly encourage adopting the suggested type of behavior.  Not
 only is it potentially more secure, but it seems to be the most common
 behavior in use for most login forms users encounter on the internet.




Re: [Django] #10777: AuthenticationForm.is_valid after validation should reset password field for security reason

2009-05-25 Thread Django
#10777: AuthenticationForm.is_valid after validation should reset password field
for security reason
-+--
  Reporter:  trebor74hr  | Owner:  nobody  
Status:  new | Milestone:  
 Component:  Authentication  |   Version:  SVN 
Resolution:  |  Keywords:  security
 Stage:  Design decision needed  | Has_patch:  1   
Needs_docs:  0   |   Needs_tests:  0   
Needs_better_patch:  0   |  
-+--
Changes (by SmileyChris):

  * needs_better_patch:  => 0
  * stage:  Unreviewed => Design decision needed
  * version:  1.1-beta-1 => SVN
  * needs_tests:  => 0
  * needs_docs:  => 0

Comment:

 Here's the correct fix...




[Django] #10777: AuthenticationForm.is_valid after validation should reset password field for security reason

2009-04-10 Thread Django
#10777: AuthenticationForm.is_valid after validation should reset password field
for security reason
+---
 Reporter:  trebor74hr  |   Owner:  nobody
   Status:  new |   Milestone:
Component:  Authentication  | Version:  1.1-beta-1
 Keywords:  security|   Stage:  Unreviewed
Has_patch:  1   |  
+---
 When you use django.contrib.auth.views.login for the login procedure it
 works like a classic form:
  - GET - creates empty AuthenticationForm object
  - POST - validates usr/pwd against auth backend
  - POST - if ok then you're being logged in and redirected to somewhere
  - POST - if not ok - then you're again on the same page with information
 that credentials are not ok, and the form is already filled with username
 and password which you typed in on the page before.

 In the last case (POST FAIL) the password travels client->server->client. I
 think the last server->client travel is not needed and can be treated as
 a security issue. Why pre-fill the password field when it is false
 anyway, and why expose the password over the network twice, when it could
 be exposed only once? I didn't have time to investigate how to solve this
 exactly, but my suggestion is to do work on the
 AuthenticationForm.is_valid overridden method (can be seen in the diff file
 I attach). Diff is against r1105.

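
A regression check for the POST FAIL case described in the report above, as an added example that is not part of the ticket, its attached diff, or Django's code. It parses the HTML returned after a failed login and reports any password input that is re-rendered with a value, and whether the submitted password appears anywhere in the body. The function name and both sample pages are constructed for illustration.

```python
from html import unescape
from html.parser import HTMLParser


class _PasswordValueFinder(HTMLParser):
    """Collects names of <input type="password"> tags rendered with a value."""

    def __init__(self):
        super().__init__()
        self.prefilled = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and unescapes values.
        if tag != "input":
            return
        a = {name: (value or "") for name, value in attrs}
        if a.get("type", "").lower() == "password" and a.get("value"):
            self.prefilled.append(a.get("name", ""))


def check_failed_login_response(body, submitted_password):
    """Inspect the page returned after a rejected login (hypothetical helper)."""
    finder = _PasswordValueFinder()
    finder.feed(body)
    finder.close()
    return {
        "prefilled_fields": finder.prefilled,
        # Compare against the unescaped body so "&amp;" does not hide a match.
        "password_in_body": submitted_password in unescape(body),
    }


# Constructed sample: the password field is echoed back after the failed POST.
PREFILLED_PAGE = """<form method="post">
<p class="error">Please enter a correct username and password.</p>
<input type="text" name="username" value="alice">
<input type="password" name="password" value="s3cr&amp;t-typo" />
</form>"""

# Constructed sample: same page with the password field left empty.
CLEARED_PAGE = PREFILLED_PAGE.replace(' value="s3cr&amp;t-typo"', "")

SUBMITTED = "s3cr&t-typo"  # constructed value, as typed by the user

if __name__ == "__main__":
    print(check_failed_login_response(PREFILLED_PAGE, SUBMITTED))
    print(check_failed_login_response(CLEARED_PAGE, SUBMITTED))
```

In Django, whether a password widget re-renders its submitted value is controlled by the `render_value` argument of `forms.PasswordInput`.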