Fixed #20079 -- Improve security of password reset tokens #1218

Closed
wants to merge 1 commit into
from

Projects

None yet

1 participant

Member
erikr commented May 25, 2013

Improvement of #1170 with comments in https://code.djangoproject.com/ticket/20079#comment:8

The use of UNUSABLE_PASSWORD_PREFIX is now limited to the auth hashers, and one case in the auth forms, where we need to make the distinction between an unusable password, and a password hashed with an unknown algorithm (is_usable_password will just return False for either situation).

Member
erikr commented Jun 18, 2013

No longer cleanly applies to master, new PR: #1280

@erikr erikr closed this Jun 18, 2013
@erikr erikr deleted the unknown repository branch Jun 18, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment