Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-12 Thread Dawid Czeluśniak
Tom, I believe that I found the root cause of this issue. Let's take a closer look at force_bytes function from Django and to_bytes functi

Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-12 Thread Tom Forbes
In this context it means that you shouldn’t encrypt, hash or otherwise manipulate the password before passing it into the method. Django, many other packages and Python itself will accept objects that can be coerced into a string (via __str__) rather than throw an exception. We’re all consenti

Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-12 Thread Dawid Czeluśniak
Adam, If it's perfectly fine to pass almost any not-None object to make_password function and it returns correctly generated hash then why does the documentation say: make_password(password, salt=None, hasher='default') > Creates a hashed password in the format used by this application. It take

Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-12 Thread Adam Johnson
User provided passwords are validated already: https://docs.djangoproject.com/en/3.0/topics/auth/passwords/#module-django.contrib.auth.password_validation When using set_password directly, you as the programmer are responsible for ensuring the value you use for password is valid. Normally this mea

Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-12 Thread Dawid Czeluśniak
I think that the root question here is: should we allow users to create passwords from anything that is not str? Now seems like make_password function allows to do that (Django 3.0.4): In [1]: make_password(True) Out[1]: 'pbkdf2_sha256$18$WXVqmAhNTScA$bAiYHSr2fs3LbccZ+mDOAqE0vhYCPUOTVtot+TD

[ANNOUNCE] A new governance model has been adopted for the Django project

2020-03-12 Thread James Bennett
For several years, there have been efforts underway to change the way the Django open-source software project is run. This eventually produced a concrete proposal, which then went through discussion, revision, and voting by the Django core team, Django Technical Board, and Django Software Foundatio

Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-12 Thread '1337 Shadow Hacker' via Django developers (Contributions to Django itself)
I agree with Adam, but in this case it seems to pose a security risk in case of user mistake, as such, raising a ValueError would have protected against the mistake of passing empty passwords, unless you consider empty passwords a feature of course in which case please dismiss my email.

Re: Review needed: Proposed behavior change in Field.contribute_to_class()

2020-03-12 Thread Mariusz Felisiak
+1 from me. Best, Mariusz

Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-12 Thread Ethem Güner
I reproduced this case. Used a random model from my project. On Thu, 12 Mar 2020 at 02:06, Dawid Czeluśniak wrote: > Hi all, > > I've noticed that both set_password and check_password methods accept > values other than str as parameters. For example I'm able to set password > to boolean