Changes between Version 199 and Version 200 of BackwardsIncompatibleChanges


Timestamp:
07/31/08 14:11:56 (6 years ago)
Author:
lukeplant
Comment:

--

  • BackwardsIncompatibleChanges

    v199 v200  
    10481048== Password reset system changed to improve security and usability == 
    10491049 
    1050 In [8162], the password reset views and templates were overhauled.  If you have were using the existing views with a customised !PasswordResetForm, or with any customised templates (such as the password reset email, or any of the related forms), then you will probably have to update your code (note that these forms/templates had already been updated recently to use newforms).  The new system has much better security (#7723 is fixed).  It does not reset the password, but sends an emails to the user with a link to click on.  It also has much better usability -- the user is then prompted to enter their own password, rather than given a random one (which many users often forget to change).  The link for resetting the password will expire as soon as it is used, or after a timeout -- default 3 days. 
     1050In [8162], the password reset views and templates were overhauled.  If you have were using the existing views with a customised !PasswordResetForm, or with any customised templates (such as the password reset email, or any of the related forms), then you will probably have to update your code (note that these forms/templates had already been updated recently to use newforms).  If you manually included the URLs for these views into your project (which is currently the only way to get them), you will need to update -- see the URLs in [http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/urls.py django.contrib.auth.urls] 
     1051 
     1052The new system has much better security (#7723 is fixed).  It does not reset the password, but sends an emails to the user with a link to click on.  It also has much better usability -- the user is then prompted to enter their own password, rather than given a random one (which many users often forget to change).  The link for resetting the password will expire as soon as it is used, or after a timeout -- default 3 days.
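
Review bot: the new line 1052 says "much better security (#7723 is fixed)" without saying what the old reset flow exposed, and gives "a timeout -- default 3 days" without naming what controls that default. A one-phrase description of #7723 and the name of the timeout setting would let readers judge how urgent the migration is and adjust the link lifetime. The sentence added to line 1050 about manually included URLs says "you will need to update" but not which patterns changed; listing the affected URL names next to the django.contrib.auth.urls link would save readers from diffing the file themselves. The carried-over wording "If you have were using" and "sends an emails" could be corrected in the same edit.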