Skip to content
Browse files

Removed 1.6 release note text regarding password limit length.

This changed was reverted in 5d74853.
  • Loading branch information...
1 parent 7e5d7a7 commit d97bec5ee3a6284d30b613c9070588a60358e7ec @timgraham timgraham committed
Showing with 0 additions and 16 deletions.
  1. +0 −16 docs/releases/1.6.txt
16 docs/releases/1.6.txt
@@ -810,22 +810,6 @@ as JSON requires string keys, you will likely run into problems if you are
using non-string keys in ``request.session``. See the
:ref:`session_serialization` documentation for more details.
-4096-byte limit on passwords
-.. note::
- This behavior was also added in the Django 1.5.4 and 1.4.8 security
- releases.
-Historically, Django has imposed no length limit on plaintext
-passwords. This enables a denial-of-service attack through submission
-of bogus but extremely large passwords, tying up server resources
-performing the (expensive, and increasingly expensive with the length
-of the password) calculation of the corresponding hash.
-Django now imposes a 4096-byte limit on password length, and will fail
-authentication with any submitted password of greater length.

0 comments on commit d97bec5

Please sign in to comment.
Something went wrong with that request. Please try again.