AuthenticationForm.is_valid after validation should reset password field for security reasons
Reported by: Robert Lujo | Owned by: nobody
Cc: | Triage Stage: Design decision needed
Has patch: yes | Needs documentation: no
Needs tests: no | Patch needs improvement: no
When you use django.contrib.auth.views.login for the login procedure, it works like a classic form:
- GET - creates an empty AuthenticationForm object
- POST - validates username/password against the auth backend
- POST - if OK, then you are logged in and redirected somewhere
- POST - if not OK, then you are back on the same page with a message that the credentials are not OK, and the form is already filled with the username and password you typed on the page before.
In the last case (POST FAIL) the password travels client->server->client. I think the last server->client trip is not needed and can be treated as a security issue. Why pre-fill the password field when it is wrong anyway, and why expose the password over the network twice, when it could be exposed only once? I didn't have time to investigate how to solve this exactly, but my suggestion is to do the work in an overridden AuthenticationForm.is_valid method (see the diff file I attach). The diff is against r1105.
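The GET/POST flow described in the report, and the suggested fix of dropping the rejected password inside is_valid() before the bound form is rendered again, as an added standalone example. This is illustration code written for this page, not Django's code and not the attached patch: the credential store, the authenticate() stand-in, the tiny form classes and the login_view() simulation are all constructed for the demo, and no real Django import is used.

```python
import html

# Constructed credential store standing in for the auth backend (demo assumption,
# plain-text compare only; a real backend hashes and salts).
USERS = {"alice": "correct horse battery staple"}


def authenticate(username, password):
    """Stand-in for django.contrib.auth.authenticate (assumption for the demo)."""
    return USERS.get(username) == password


def render_input(name, value, input_type="text"):
    """Render one bound <input>, HTML-escaping the value as a form library would."""
    escaped = html.escape(value, quote=True) if value else ""
    return f'<input type="{input_type}" name="{name}" value="{escaped}">'


class NaiveLoginForm:
    """Re-renders whatever was submitted, including the rejected password
    (the behaviour the ticket reports)."""

    scrub_password_on_failure = False

    def __init__(self, data=None):
        self.is_bound = data is not None
        self.data = dict(data or {})
        self.errors = []

    def is_valid(self):
        username = self.data.get("username", "")
        password = self.data.get("password", "")
        if not username or not password:
            self.errors.append("Both fields are required.")
        elif not authenticate(username, password):
            self.errors.append("Invalid username or password.")
        if self.errors and self.scrub_password_on_failure:
            # The ticket's suggestion: never carry the rejected secret back to the client.
            self.data.pop("password", None)
        return not self.errors

    def render(self):
        parts = [f"<p>{html.escape(e)}</p>" for e in self.errors]
        parts.append(render_input("username", self.data.get("username", "")))
        parts.append(render_input("password", self.data.get("password", ""), "password"))
        return "\n".join(parts)


class ScrubbingLoginForm(NaiveLoginForm):
    """is_valid() clears the password field when validation fails."""

    scrub_password_on_failure = True


def login_view(form_cls, method, data=None):
    """Simulate the login view's GET/POST flow; returns (outcome, response body)."""
    if method == "GET":
        return "form", form_cls().render()  # empty, unbound form
    form = form_cls(data)
    if form.is_valid():
        return "redirect", ""  # logged in; nothing from the form is rendered
    return "form", form.render()  # failed: same page, re-rendered with the bound form


def password_echoed(form_cls, username, password):
    """True if a failed POST sends the submitted password back in the response body."""
    outcome, body = login_view(form_cls, "POST", {"username": username, "password": password})
    return outcome == "form" and html.escape(password, quote=True) in body


if __name__ == "__main__":
    print("naive form echoes password:", password_echoed(NaiveLoginForm, "alice", "wrong-guess"))
    print("scrubbing form echoes password:", password_echoed(ScrubbingLoginForm, "alice", "wrong-guess"))
```

The username still round-trips in the scrubbed response, which is what users expect; only the password is withheld. In Django itself the same effect is available at the widget level rather than in is_valid(): forms.PasswordInput takes a render_value argument, and with render_value=False (the default in current Django) the submitted value is never written back into the re-rendered input, so a fix can be made either in the form's validation or in the widget that renders the field.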
Change History (8)
comment:1 Changed 7 years ago by
Patch needs improvement: unset
Triage Stage: Unreviewed → Design decision needed
Version: 1.1-beta-1 → SVN