Changes between Initial Version and Version 1 of Ticket #32508, comment 35
Timestamp: Jul 21, 2021, 2:16:54 PM (3 years ago)
Ticket #32508, comment 35

Lines 3-4 (unmodified):
For example, here are a couple of the asserts, in the case of `PBKDF2PasswordHasher.encode()`:
https://github.com/django/django/blob/012f38f9594b35743e9ab231757b7b62db638323/django/contrib/auth/hashers.py#L271-L273

Line 5 (initial):
And here is an example in the Django docs instructing users to call this method with their own code :

Line 5 (v1):
And here is an example in the Django docs instructing users to call this method with their own code (for the purposes of a data migration):

Lines 6-7 (unmodified):
https://docs.djangoproject.com/en/3.2/topics/auth/passwords/#password-upgrading-without-requiring-a-login
That section also tells the user they "can modify the pattern to work with any algorithm or with a custom user model." Since Django has examples telling users to call this method with their own code, and also since this is a security-related code path, I think it would be worth switching from `assert` statements to more explicit argument checking.
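An added illustration of the point raised in this comment, not part of the ticket and not Django's code: Python drops `assert` statements when run with `-O`, so an assert-guarded encoder silently accepts input that an explicit check still rejects. The simplified encoder, its two checks, the helper names, the low iteration count and the sample salt are all assumptions made for the example.

```python
import base64
import hashlib

ALGORITHM = "pbkdf2_sha256"  # label only; this is a simplified stand-in, not Django's hasher


def _format(password, salt, iterations):
    """Build an algorithm$iterations$salt$hash string (four '$'-separated fields)."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    digest = base64.b64encode(raw).decode("ascii")
    return "%s$%d$%s$%s" % (ALGORITHM, iterations, salt, digest)


# Assert-guarded encoder kept as source text so it can be compiled both ways.
# The two checks are assumed for illustration; 1000 iterations is a constructed, fast value.
ASSERT_SRC = '''
def encode(password, salt, iterations=1000):
    assert password is not None
    assert salt and "$" not in salt
    return _format(password, salt, iterations)
'''


def load_assert_encoder(optimize):
    """optimize=0 keeps asserts; optimize=1 compiles the source as `python -O` does."""
    namespace = {"_format": _format}
    exec(compile(ASSERT_SRC, "<assert_encoder>", "exec", optimize=optimize), namespace)
    return namespace["encode"]


def encode_checked(password, salt, iterations=1000):
    """Same contract, enforced with explicit checks that survive -O."""
    if password is None:
        raise TypeError("password must be provided.")
    if not salt or "$" in salt:
        raise ValueError("salt must be provided and cannot contain $.")
    return _format(password, salt, iterations)


def outcome(fn, *args):
    """Return the encoded string, or the name of the exception raised."""
    try:
        return fn(*args)
    except (AssertionError, TypeError, ValueError) as exc:
        return type(exc).__name__
```

With the constructed salt `ab$cd`, the encoder loaded with `optimize=1` returns a string with one extra `$`-separated field, which a reader splitting the stored value on `$` would misparse, while `encode_checked` raises `ValueError` at either optimisation level.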