On 11/21/05, Adrian Holovaty <[EMAIL PROTECTED]> wrote:
> There'd be no way of knowing whether the incoming password were
> plaintext vs. encrypted, because any character is allowed in a
> password.

I guess I could have phrased that better. Currently the admin interface
directs the user to enter the hash, not the actual password; this
would be done away with, and the user would be directed to enter the
actual password, which would be hashed by the _pre_save.

Entering the hash directly would have to be disallowed, making for
another backwards-incompatible change, but I can't think of any reason
why it'd be useful to keep that ability.

--
"May the forces of evil become confused on the way to your house."
  -- George Carlin
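
The ambiguity quoted above and the always-hash behaviour proposed in the reply, as an added example that is not part of the original thread or of Django's code. The `pbkdf2$...` storage format, the work factor and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 100_000  # constructed work factor for the example
# Assumed storage format (example only): pbkdf2$<iterations>$<salt hex>$<digest hex>
STORED_RE = re.compile(r"^pbkdf2\$\d+\$[0-9a-f]{32}\$[0-9a-f]{64}$")


def make_hash(raw, salt=None):
    """Hash a plaintext password into the assumed storage format."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt, ITERATIONS)
    return "pbkdf2$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def check_password(raw, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt, int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def pre_save_guessing(value):
    """Ambiguous hook: guesses whether the input is already a hash."""
    return value if STORED_RE.match(value) else make_hash(value)


def pre_save_always_hash(value):
    """Unambiguous hook: the field only ever receives plaintext, so always hash."""
    return make_hash(value)


def demo():
    # Constructed input: a plaintext password that happens to look like a stored hash.
    tricky = "pbkdf2$100000$" + "ab" * 16 + "$" + "cd" * 32
    guessed = pre_save_guessing(tricky)
    always = pre_save_always_hash(tricky)
    return {
        "guessing_stored_verbatim": guessed == tricky,
        "guessing_login_works": check_password(tricky, guessed),
        "always_stored_verbatim": always == tricky,
        "always_login_works": check_password(tricky, always),
    }


if __name__ == "__main__":
    print(demo())
```

With the guessing hook the hash-shaped password is written to storage unhashed and can never be used to log in; with the always-hash hook it is treated like any other plaintext.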
