My opinion is that django.utils needn't grow features that Django itself doesn't use.
On Monday, March 7, 2016 at 11:04:48 AM UTC-5, Nick Timkovich wrote: > > By the presence of a "bits" measure in the documentation of the function > it seems to be known that it's a measure of interest. The benefit of adding > it into Django is that by review of others it can be assured to be correct > and will reduce the likelihood of security-related bugs. A bit contrived, > perhaps, but as adding such a parameter requires no external dependencies, > the bar shouldn't be terribly high. > > On Saturday, March 5, 2016 at 2:51:58 AM UTC-6, Moritz S. wrote: >> >> Can't you just define your own function called >> "get_random_string_entropy" that >> calculates the length and then calls get_random_string? >> What would be the benefit of doing that in Django directly? >> >> Am 05.03.2016 um 00:15 schrieb Nick Timkovich: >> > Rather than guess at the appropriate string length to get some level of >> > security, I'd like to add a (minimum) bits of entropy argument to >> > get_random_string, so I could say something like >> get_random_string(bits=256) and >> > have it do the math for me: math.ceil(bits / >> math.log2(len(allowed_chars))). >> > >> > Not sure what should happen if both bits and length are specified, let >> bits >> > override? ValueError? whichever is longer/more random/secure (maybe >> then call it >> > min_bits)? >> > >> > I seem to recycle that snippet in many of my projects, and I hope it >> would be >> > useful for others. >> >> -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/43f93e73-0119-4b2b-8df2-402c6a64064b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
