id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15627	check_password should use constant_time_compare instead of == to check passwords	Harro	nobody	"I just noticed django doesn't use the constant_time_compare function in the check_password function in contrib.auth.models.

I'll add a patch that changes it, would be nice to have this little bit extra security in the 1.3 release."		closed	contrib.auth	1.3-rc		fixed			Ready for checkin	1	0	0	0	0	0