#28660 closed Cleanup/optimization (wontfix)
Remove CryptPasswordHasher
| Reported by: | Mads Jensen | Owned by: | Uman Shahzad |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | Normal | Keywords: | hasher crypt password |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
It's not documented, and is no longer included in any default settings, and the doc string says it may not be available on all platforms. There's a single test in tests/auth_tests/test_hashers.py for it.
Change History (4)
comment:1 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 7 years ago
It is documented here: https://docs.djangoproject.com/en/1.11/topics/auth/passwords/#included-hashers
I'm not seeing a pressing reason to remove this hasher, which may be used for compatibility with existing password databases.
If there's a decision to remove it, that should go through a deprecation path.
comment:4 by , 7 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | assigned → closed |
I agree -- unless a discussion on the DevelopersMailingList yields a consensus that the original use case in #3316 in obsolete, this hasher doesn't have much maintenance cost and it's better for there to be a canonical implementation rather than requiring users to implement it themselves.