diff options
| author | Adrian Holovaty <adrian@holovaty.com> | 2005-11-21 03:33:22 +0000 |
|---|---|---|
| committer | Adrian Holovaty <adrian@holovaty.com> | 2005-11-21 03:33:22 +0000 |
| commit | a49fa746cdc056f0b660f47fbc55aa43fcd54bcc (patch) | |
| tree | 06570228609c2f52a40fce2a58be4a39a7f774a5 /docs/authentication.txt | |
| parent | f1a8869339a4d6d004028c1234aaf706e420b5dd (diff) | |
Fixed #273 -- BACKWARDS-INCOMPATIBLE CHANGE -- Changed auth.User.password field to add support for other password encryption algorithms. Renamed password_md5 to password and changed field length from 32 to 128. See http://code.djangoproject.com/wiki/BackwardsIncompatibleChanges for upgrade information
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1327 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs/authentication.txt')
| -rw-r--r-- | docs/authentication.txt | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/docs/authentication.txt b/docs/authentication.txt index f9093c81e2..475595e972 100644 --- a/docs/authentication.txt +++ b/docs/authentication.txt @@ -44,9 +44,9 @@ Fields * ``first_name`` -- Optional. 30 characters or fewer. * ``last_name`` -- Optional. 30 characters or fewer. * ``email`` -- Optional. E-mail address. - * ``password_md5`` -- Required. An MD5 hash of the password. (Django - doesn't store the raw password.) Raw passwords can be arbitrarily long - and can contain any character. + * ``password`` -- Required. A hash of, and metadata about, the password. + (Django doesn't store the raw password.) Raw passwords can be arbitrarily + long and can contain any character. See the "Passwords" section below. * ``is_staff`` -- Boolean. Designates whether this user can access the admin site. * ``is_active`` -- Boolean. Designates whether this user can log into the @@ -167,6 +167,28 @@ Change a password with ``set_password()``:: >>> u.set_password('new password') >>> u.save() +Passwords +--------- + +**This only applies to the Django development version.** Previous versions, +such as Django 0.90, used simple MD5 hashes without password salts. + +The ``password`` field of a ``User`` object is a string in this format:: + + hashtype$salt$hash + +That's hashtype, salt and hash, separated by the dollar-sign character. + +Hashtype is either ``sha1`` (default) or ``md5``. Salt is a random string +used to salt the raw password to create the hash. + +For example:: + + sha1$a1976$a36cc8cbf81742a8fb52e221aaeab48ed7f58ab4 + +The ``User.set_password()`` and ``User.check_password()`` functions handle +the setting and checking of these values behind the scenes. + Anonymous users --------------- |