Version 3 (modified by 19 years ago) ( diff ) | ,
---|
Django admin expects users' passwords to be entered as SHA-1 hashes in the format [algo]$[salt]$[hexdigest]
. Here is a tool which automates calculating the hashes on the client side.
What it does as of version 1.0 is:
- searches each opened page for an
<input>
withid="id_password"
,class="vTextField required"
,name="password
,size="30"
andmaxlength="128"
, which is how the password field is defined in Django admin - when the password field loses focus, replaces its contents with a SHA-1 salted hash as Django expects
- does not modify field contents if it's already a hash
You need to
- use the Firefox browser
- install the Greasemonkey extension
- install the djangopasswordhasher.user.js user script
Pros:
- works on all standard Django admin sites
- nothing to install on the server side
Cons:
- needs the extension on the browser
- doesn't use a real password field -- password entry is visible
---
Note: Don't try to install the script using the attachments below. Use the remote link above instead. Admins should remove the attachments.
Attachments (2)
-
djangopasswordhasher.user.js
(3.5 KB
) - added by 19 years ago.
Version 1.0
-
djangopasswordhasher.user.js.txt
(3.5 KB
) - added by 19 years ago.
Maybe easier to install by looking at this in plain format.
Download all attachments as: .zip
Note:
See TracWiki
for help on using the wiki.