Opened 4 years ago

Closed 4 years ago

#27568 closed New feature (wontfix)

Add new Entropy Password Validator to django.contrib.auth.password_validation

Reported by: Alexander Ovchinnikov Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords: auth password_validation password validation validator Shannon entropy
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I inspired from https://github.com/tarak/django-password-policies/blob/master/password_policies/forms/validators.py#L267

I feel, we need such validator in django auth, enabled by default.

It can prevent passwords like 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.

Change History (1)

comment:1 Changed 4 years ago by Tim Graham

Resolution: wontfix
Status: newclosed

This seems fine as a third-party app to me. Presumably some thought went into what validators should be built-in when the password validation was first added in Django. Please write to the DevelopersMailingList if you want other opinions. In particular, I'd like to know what criteria you'd use to determine whether or not a validator should be built-in. Thanks.

Note: See TracTickets for help on using tickets.
Back to Top