I was thinking of a situation where you have md5 hashes in the database and
want to run both Django and the legacy system at the same time. In that
case, changing the password format in the database might not be an option
if the legacy system needs to read plain hashes instead of Django's format.
Maybe this isn't important to support. I thought it might be possible using
the unsalted md5 hasher with algorithm='' but this givers
ImproperlyConfigured("hasher doesn't specify an algorithm name").
On Friday, February 5, 2016 at 10:05:31 AM UTC-5, Donald Stufft wrote:
>
>
> > On Feb 5, 2016, at 10:04 AM, Tim Graham <timog...@gmail.com
> <javascript:>> wrote:
> >
> > I'm not sure if we can keep support for unsalted hashes while removing
> the special logic in identify_hasher() for those hashers since they don't
> confirm to Django's normal hash format?
> >
> https://github.com/django/django/pull/6082/files#diff-2f01db46550174ad3e55be7070b98ec9
>
> >
> > I guess a use case where you are integrating with a legacy system that
> doesn't allow upgrading of passwords wouldn't allow the "wrapping hashers"
> technique.
>
> Seems like it would be trivial to migrate the database to make the hashed
> password conform to the format.
>
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372
> DCFA
>
>
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/49c680fb-3154-43d6-9dc1-3e46dc2f2b6d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
