Adam, If it's perfectly fine to pass almost any not-None object to make_password function and it returns correctly generated hash then why does the documentation say:
make_password(password, salt=None, hasher='default') > Creates a hashed password in the format used by this application. It takes > one mandatory argument: the password in *plain-text*. https://docs.djangoproject.com/en/3.0/topics/auth/passwords/#django.contrib.auth.hashers.make_password What does "plain-text" mean there? Thanks, Dawid On Thursday, 12 March 2020 18:18:59 UTC+1, Adam Johnson wrote: > > User provided passwords are validated already: > https://docs.djangoproject.com/en/3.0/topics/auth/passwords/#module-django.contrib.auth.password_validation > > When using set_password directly, you as the programmer are responsible > for ensuring the value you use for password is valid. Normally this means > calling the functions detailed in "Integrating validation" beforehand. > > -- > Adam > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/bda75e4c-2dae-42ef-91f3-c3054031c800%40googlegroups.com.
