Opened 7 weeks ago

Closed 7 weeks ago

Last modified 7 weeks ago

#28660 closed Cleanup/optimization (wontfix)

Remove CryptPasswordHasher

Reported by: Mads Jensen Owned by: Uman Shahzad
Component: contrib.auth Version: master
Severity: Normal Keywords: hasher crypt password
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

It's not documented, and is no longer included in any default settings, and the doc string says it may not be available on all platforms. There's a single test in tests/auth_tests/test_hashers.py for it.

Change History (4)

comment:1 Changed 7 weeks ago by Uman Shahzad

Owner: changed from nobody to Uman Shahzad
Status: newassigned

comment:2 Changed 7 weeks ago by Uman Shahzad

Has patch: set
Last edited 7 weeks ago by Tim Graham (previous) (diff)

comment:3 Changed 7 weeks ago by Aymeric Augustin

It is documented here: https://docs.djangoproject.com/en/1.11/topics/auth/passwords/#included-hashers

I'm not seeing a pressing reason to remove this hasher, which may be used for compatibility with existing password databases.

If there's a decision to remove it, that should go through a deprecation path.

comment:4 Changed 7 weeks ago by Tim Graham

Resolution: wontfix
Status: assignedclosed

I agree -- unless a discussion on the DevelopersMailingList yields a consensus that the original use case in #3316 in obsolete, this hasher doesn't have much maintenance cost and it's better for there to be a canonical implementation rather than requiring users to implement it themselves.

Note: See TracTickets for help on using tickets.
Back to Top