On Wed, Jun 29, 2011 at 8:36 AM, benjaoming <[email protected]> wrote: > > Dear all, > > As a maintainer of many Django sites, I would often like to see a very > small feature implemented, that could make life a lot easier for me: > To force my users to set their own password. > > I know this could lead to a long debate about password strength, SSL, > password reminders, secret answers etc... but for me, the most urgent > problem is that people have to be reminded manually about their > passwords, and I have to reset them pretty often (or find copies of > emails that i've sent).
django.auth already provides a password reset mechanism, where users can get a password reset link. So, woudn't this work for you?: 1) Create users with a large random password. Destroy every copy of the password 2) Use the reset password feature with their email to force it to set an initial value That way you never send them actual passwords, and the only passwords they can use are the ones they set. all of this works with no additional support needed from django D. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
