Browse files

Added note to releases/1.4.txt about contrib.auth user password hash-…

…upgrade sequence. Thanks, ericholscher

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent dd246a6 commit ebc6fc9354c857bc0ac00895175c2575b01b1bd7 @adrianholovaty adrianholovaty committed Mar 12, 2012
Showing with 11 additions and 0 deletions.
  1. +11 −0 docs/releases/1.4.txt
@@ -777,6 +777,17 @@ instance:
* Time period: The amount of time you expect user to take filling out
such forms.
+* ``contrib.auth`` user password hash-upgrade sequence
+ * Consequences: Each user's password will be updated to a stronger password
+ hash when it's written to the database in 1.4. This means that if you
+ upgrade to 1.4 and then need to downgrade to 1.3, version 1.3 won't be able
+ to read the updated passwords.
+ * Remedy: Set :setting:`PASSWORD_HASHERS` to use your original password
+ hashing when you initially upgrade to 1.4. After you confirm your app works
+ well with Django 1.4 and you won't have to roll back to 1.3, enable the new
+ password hashes.

0 comments on commit ebc6fc9

Please sign in to comment.