On Jan 6, 10:37 am, Luke Plant wrote:
> On Wednesday 06 January 2010 04:24:15 Elias Torres wrote:
> > Thanks Luke for your explanation. I think I have learned something
> > here in terms of my own application security independent of
> > Django's multi-app envi
On Jan 5, 2:33 pm, Luke Plant wrote:
> On Tuesday 05 January 2010 16:53:17 Elias Torres wrote:
>
> > Simon,
>
> > I'm not a security expert by any means, but I really the fact that
> > you're making use of HMACs in your design. I will ask a good friend
>
oops.. I mean really *like*. Thanks.
On Jan 5, 12:09 pm, Karen Tracey wrote:
> On Tue, Jan 5, 2010 at 11:53 AM, Elias Torres wrote:
>
> > I'm not a security expert by any means, but I really the fact that
> > you're making use of HMACs in your design.
>
> Th
no-one else. Therefore, the
chance of discovering people's passwords with a dump from a Django
application is really small.
[1] http://benlog.com/articles/2008/06/19/dont-hash-secrets/
[2] http://code.djangoproject.com/svn/django/trunk/django/contrib/auth/models.py
Regards,
Elias Torres
