Fixed #18182 -- Raw password echoed on authentication if no hashing used #35

Closed
Contributor

MoritzS commented May 1, 2012

contrib.auth.hashers.is_password_usable now checks if the encoded string
contains a $ character. For backward compatibility to unsalted md5 hashes all
encoded 32-character-long strings without a $ character are assumed to be
usable. check_password won't return True for a 32-character-long plain
password, though.

Fixed #18182 -- Raw password echoed on authentication if no hashing used
contrib.auth.hashers.is_password_usable now checks if the encoded string
contains a $ character. For backward compatibility to unsalted md5 hashes all
encoded 32-character-long strings without a $ character are assumed to be
usable. check_password won't return True for a 32-character-long plain
password, though.
Member

claudep commented Jun 9, 2012

A new implementation using identify_hasher has been uploaded to the ticket.

@claudep claudep closed this Jun 9, 2012

@MoritzS MoritzS deleted the MoritzS:patch18182 branch Sep 17, 2015
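
The rule described in the pull request's opening comment, as an added Python sketch that is not Django's code or the patch itself. `looks_usable`, `verify` and `encode_pbkdf2` are hypothetical names, and the `pbkdf2_sha256$iterations$salt$hash` layout used for `$`-style encodings is an assumption made for the illustration.

```python
import base64
import hashlib
import hmac

MD5_HEX_LEN = 32  # an unsalted MD5 hex digest is always 32 characters


def looks_usable(encoded):
    """Usability rule from the PR description (hypothetical helper)."""
    if not encoded:
        return False
    if "$" in encoded:
        return True  # algorithm-prefixed encoding
    return len(encoded) == MD5_HEX_LEN  # assumed to be legacy unsalted MD5


def encode_pbkdf2(raw, salt, iterations=1000):
    """Build a constructed 'pbkdf2_sha256$iterations$salt$hash' string."""
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(digest).decode())


def verify(raw, encoded):
    """True only if hashing raw reproduces encoded; raw is never compared as-is."""
    if not looks_usable(encoded):
        return False  # e.g. a plaintext stored unhashed: refuse it
    if "$" not in encoded:
        # Legacy branch: hash the candidate first, so a 32-character plaintext
        # passes looks_usable() but still cannot authenticate as itself.
        candidate = hashlib.md5(raw.encode()).hexdigest()
    else:
        parts = encoded.split("$")
        if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
            return False  # unknown or malformed encoding
        try:
            candidate = encode_pbkdf2(raw, parts[2], int(parts[1]))
        except (ValueError, OverflowError):
            return False  # non-numeric or invalid iteration count
    return hmac.compare_digest(candidate.encode(), encoded.encode())


# Constructed sample values, not taken from the ticket.
LEGACY = hashlib.md5(b"secret").hexdigest()
MODERN = encode_pbkdf2("secret", "c2FsdA")
PLAIN_32 = "a" * 32
```

With these samples, `PLAIN_32` passes `looks_usable` but `verify(PLAIN_32, PLAIN_32)` is `False`, which is the behaviour the description calls out for 32-character plain passwords.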
