Opened 9 years ago

Closed 5 years ago

#6858 closed New feature (fixed)

Migrate legacy md5 password support out of the User model

Reported by: James Bennett Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: yes
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no


As proposed on the developers' list, I'd like to remove the checks in django.contrib.auth.models.User.check_password() for dealing with legacy unsalted md5 passwords (which were the default before the 0.91 release). Attached is a patch which removes this, and moves the transparent "password upgrade" functionality into an auth backend for legacy support, which can be used by sites that need to worry about this.

Attachments (1)

legacy_auth.diff (2.9 KB) - added by James Bennett 9 years ago.

Download all attachments as: .zip

Change History (7)

Changed 9 years ago by James Bennett

Attachment: legacy_auth.diff added

comment:1 Changed 9 years ago by James Bennett

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Triage Stage: UnreviewedDesign decision needed

comment:2 Changed 9 years ago by James Bennett

Needs documentation: set
Needs tests: set

comment:3 Changed 6 years ago by Gabriel Hurley

Component: Contrib appscontrib.auth

comment:4 Changed 6 years ago by Julien Phalip

Severity: Normal
Type: New feature

comment:5 Changed 6 years ago by Chris Beaven

Easy pickings: unset
Triage Stage: Design decision neededAccepted

Sure, feel free to update this for current trunk and provide tests & docs.

comment:6 Changed 5 years ago by Aymeric Augustin

Resolution: fixed
Status: newclosed
UI/UX: unset

New password hashing features were introduced at r17253 and r17254.

The offending code was removed by the first of these commits.

I don't think upgrading from Django <0.91 is still a concern today.

Note: See TracTickets for help on using tickets.
Back to Top