Fixed #20079 -- Improve security of password reset tokens #1218


erikr commented May 25, 2013

Improvement of #1170 with comments in

The use of UNUSABLE_PASSWORD_PREFIX is now limited to the auth hashers, and one case in the auth forms, where we need to make the distinction between an unusable password, and a password hashed with an unknown algorithm (is_usable_password will just return False for either situation).
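
The distinction described in the comment above, as an added stand-alone example that is not code from this PR or from Django: a boolean usability check reports the same result for an unusable password and for an unrecognised hash format, while a form needs a three-way answer. The prefix value, the algorithm set and the names `identify_algorithm`, `is_usable` and `describe_for_form` are assumptions made for this sketch.

```python
# Stand-alone model of the distinction; not Django's implementation.
UNUSABLE_PASSWORD_PREFIX = "!"  # assumed marker value for this sketch
KNOWN_ALGORITHMS = {"pbkdf2_sha256", "bcrypt", "sha1"}  # assumed hasher registry


def identify_algorithm(encoded):
    """Return the algorithm of an 'algorithm$...' value, or raise ValueError."""
    algorithm = encoded.split("$", 1)[0]
    if "$" not in encoded or algorithm not in KNOWN_ALGORITHMS:
        raise ValueError("unknown hashing algorithm")
    return algorithm


def is_usable(encoded):
    """Boolean check: False for both unusable and unrecognised values."""
    if not encoded or encoded.startswith(UNUSABLE_PASSWORD_PREFIX):
        return False
    try:
        identify_algorithm(encoded)
    except ValueError:
        return False
    return True


def describe_for_form(encoded):
    """Three-way status that a read-only password field can display."""
    # The prefix test must come first: only it separates "no password"
    # from "a hash we cannot parse".
    if not encoded or encoded.startswith(UNUSABLE_PASSWORD_PREFIX):
        return "no password set"
    try:
        return "hashed with " + identify_algorithm(encoded)
    except ValueError:
        return "invalid format or unknown hashing algorithm"


# Constructed sample values, not real hashes.
SAMPLES = {
    "unusable": "!Xq3constructedRandomSuffix",
    "unknown": "futurehash$abc$def",
    "usable": "pbkdf2_sha256$10000$salt$digest",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, is_usable(value), describe_for_form(value))
```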

erikr commented Jun 18, 2013

No longer cleanly applies to master, new PR: #1280

erikr closed this Jun 18, 2013
erikr deleted the unknown repository branch Jun 18, 2013