Changes between Initial Version and Version 1 of Ticket #15367, comment 7


Ignore:
Timestamp:
Sep 12, 2011, 8:38:09 AM (13 years ago)
Author:
Jannis Leidel

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #15367, comment 7

    initial v1  
    11Hm, in the patch, why is this being put in `django.utils` instead of staying in `django.contrib.auth`? I'm asking cause I've specifically created `django.contrib.auth.utils` a couple of weeks ago in trunk. What about having this in `django.contrib.auth.hashing`
    22
    3 Also, mind elaborating how the `PASSWORD_HASHERS` setting is supposed to be used? It seems a bit cumbersome to specify the setting if it can't be used like the `DATABASES` or `CACHES` setting. From what I understand is you only want to be able to specify the default hasher (atm the first item in the tuple, yuck) and some options. But switching the password hasher or changing an option of a password hasher isn't a common use case and therefor shouldn't be exposed like that as a multi-value setting. Instead subclassing and setting a single setting (named `AUTH_PASSWORD_HASHER`) ought to be enough, e.g.::
     3Also, mind elaborating how the `PASSWORD_HASHERS` setting is supposed to be used? It seems a bit cumbersome to specify the setting if it can't be used like the `DATABASES` or `CACHES` setting. From what I understand is you only want to be able to specify the default hasher (atm the first item in the tuple, yuck) and some options.
     4
     5Switching the password hasher or changing an option of a password hasher isn't a common use case and therefor shouldn't be exposed like that as a multi-value setting. Instead subclassing and setting a single setting (named `AUTH_PASSWORD_HASHER`) ought to be enough, e.g.::
    46
    57{{{
    6     AUTH_PASSWORD_HASHER  = 'mysite.security.MyCustomBCryptPasswordHasher'
     8AUTH_PASSWORD_HASHER  = 'mysite.security.MyCustomBCryptPasswordHasher'
    79}}}
    810
Back to Top