Re: use crypt algo for user passwords

2008-09-01 Thread SammyRulez
I agree, and my basic idea was to enable the use of a stronger algo than sha1, which is breakable too. Hashlib supports sha256 and sha512. As I said in the ticket comment, adding the app secret key could mitigate the danger of a brute force attack on the sql dump of the database.

On 29 Aug, 20:29

Re: use crypt algo for user passwords

2008-08-29 Thread Tim Chase
> Maybe I'm wrong but this patch defines DEFAULT_ALGO at "django
> installation" level. I think it should be defined at project level.
> something like this
> >>> try:
> ...     DEFAULT_ALGO = settings.DEFAULT_ALGO
> ... except AttributeError:
> ...     DEFAULT_ALGO = 'sha1'
>
> does refer to project s

Re: use crypt algo for user passwords

2008-08-29 Thread SammyRulez
Maybe I'm wrong but this patch defines DEFAULT_ALGO at "django installation" level. I think it should be defined at project level. something like this
>>> try:
...     DEFAULT_ALGO = settings.DEFAULT_ALGO
... except AttributeError:
...     DEFAULT_ALGO = 'sha1'
does refer to project settings have some s

Re: use crypt algo for user passwords

2008-08-28 Thread Tim Chase
> thanks opened ticket #8647

Attached is a patch against contrib/auth/models.py that should add an "algo" parameter to set_password so it takes an algorithm.

-tim

Re: use crypt algo for user passwords

2008-08-28 Thread SammyRulez
thanks opened ticket #8647

On 28 Aug, 16:55, Rajesh Dhawan <[EMAIL PROTECTED]> wrote:
> Hi Sam,
>
> > I'm trying to figure out how to use crypt algorithm for user password.
> > looking at the code (http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py) line 175 there

Re: use crypt algo for user passwords

2008-08-28 Thread Rajesh Dhawan
Hi Sam,

> I'm trying to figure out how to use crypt algorithm for user password.
> looking at the code (http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py) line 175 there is no way to use
> other than sha1.

You're right that algo='sha1' is hard coded in User.set_pas