Changes between Version 4 and Version 5 of Ticket #36901, comment 6


Ignore:
Timestamp:
Apr 13, 2026, 5:35:29 AM (45 hours ago)
Author:
Afenomamy

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #36901, comment 6

    v4 v5  
    1 So my plan is :
     1So  my plan is :
    221 -  Create two utility functions called **get_user_with_mitigation** and **aget_user_with_mitigation** inside django.contrib.auth.__init__.py.
    332 -  Update **django.contrib.auth.handlers.modwsgi.check_password** to use  ''get_user_with_mitigation''
    443 -  Refactor authenticate and aauthenticate in  **django.contrib.auth.backends.py** to use  ''get_user_with_mitigation and aget_user_with_mitigation'' .
    55
     6The implementation plan has changed after some reviews:
     7
     81 -  Create two utility functions called **check_password_with_timing_attack_mitigation** and **acheck_password_with_timing_attack_mitigation** inside django.contrib.auth.__init__.py.
     92 -  Update **django.contrib.auth.handlers.modwsgi.check_password** to use  ''check_password_with_timing_attack_mitigation''.
     103 -  Refactor authenticate and aauthenticate in  **django.contrib.auth.backends.py** to use  ''check_password_with_timing_attack_mitigation , acheck_password_with_timing_attack_mitigation '' .
     114 -  Adding some test to make sure that hasher is called once for inactive_user and custom_user without is_active attribute
    612
    713NB :
Back to Top