Opened 16 years ago

Closed 12 years ago

#6858 closed New feature (fixed)

Migrate legacy md5 password support out of the User model

Reported by: James Bennett Owned by: nobody
Component: contrib.auth Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: yes
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

As proposed on the developers' list, I'd like to remove the checks in django.contrib.auth.models.User.check_password() for dealing with legacy unsalted md5 passwords (which were the default before the 0.91 release). Attached is a patch which removes this, and moves the transparent "password upgrade" functionality into an auth backend for legacy support, which can be used by sites that need to worry about this.

Attachments (1)

legacy_auth.diff (2.9 KB ) - added by James Bennett 16 years ago.

Download all attachments as: .zip

Change History (7)

by James Bennett, 16 years ago

Attachment: legacy_auth.diff added

comment:1 by James Bennett, 16 years ago

Triage Stage: UnreviewedDesign decision needed

comment:2 by James Bennett, 16 years ago

Needs documentation: set
Needs tests: set

comment:3 by Gabriel Hurley, 13 years ago

Component: Contrib appscontrib.auth

comment:4 by Julien Phalip, 13 years ago

Severity: Normal
Type: New feature

comment:5 by Chris Beaven, 13 years ago

Easy pickings: unset
Triage Stage: Design decision neededAccepted

Sure, feel free to update this for current trunk and provide tests & docs.

comment:6 by Aymeric Augustin, 12 years ago

Resolution: fixed
Status: newclosed
UI/UX: unset

New password hashing features were introduced at r17253 and r17254.

The offending code was removed by the first of these commits.

I don't think upgrading from Django <0.91 is still a concern today.

Note: See TracTickets for help on using tickets.
Back to Top