summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2013-10-17 18:58:24 -0400
committerTim Graham <timograham@gmail.com>2013-10-17 19:00:08 -0400
commit37afcbeb92cd556ff1081c9db5a4a320efd5b7a3 (patch)
tree509f262833170c88dc3775bea2fba86a77930f66
parentb2f9c74ed1cd246022ab52d239eeb33f950dcc70 (diff)
[1.6.x] Removed 1.6 release note text regarding password limit length.
This changed was reverted in 5d74853e156105ea02a41f4731346dbe272c2412. Backport of d97bec5ee3 from master
-rw-r--r--docs/releases/1.6.txt16
1 files changed, 0 insertions, 16 deletions
diff --git a/docs/releases/1.6.txt b/docs/releases/1.6.txt
index a0ae500c74..93ad4c76e7 100644
--- a/docs/releases/1.6.txt
+++ b/docs/releases/1.6.txt
@@ -810,22 +810,6 @@ as JSON requires string keys, you will likely run into problems if you are
using non-string keys in ``request.session``. See the
:ref:`session_serialization` documentation for more details.
-4096-byte limit on passwords
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
- This behavior was also added in the Django 1.5.4 and 1.4.8 security
- releases.
-
-Historically, Django has imposed no length limit on plaintext
-passwords. This enables a denial-of-service attack through submission
-of bogus but extremely large passwords, tying up server resources
-performing the (expensive, and increasingly expensive with the length
-of the password) calculation of the corresponding hash.
-
-Django now imposes a 4096-byte limit on password length, and will fail
-authentication with any submitted password of greater length.
-
Miscellaneous
~~~~~~~~~~~~~