Hi Erik,

Thanks for the explanation. This looks like something I could try.

Another approach that I found recently was to use database routers[1].
This would not cause problems with password upgrades, but we would need to 
change some database permissions.

[1] https://docs.djangoproject.com/en/dev/topics/db/multi-db/#using-routers

--
Suhrid

On Saturday, May 31, 2014 3:54:51 PM UTC+7, Erik Romijn wrote:
>
> Hello Suhrid, 
>
> On 30 May 2014, at 15:58, suhrid...@proteus-tech.com wrote: 
> > check_password method of AbstractBaseUser in django.contrib.auth.models tries to update the database. 
> > This causes problems when this code executes on a read-only slave database. 
> > 
> >    def check_password(self, raw_password): 
> >        def setter(raw_password): 
> >            self.set_password(raw_password) 
> >            self.save(update_fields=["password"]) 
> >        return check_password(raw_password, self.password, setter) 
>
> Yes, this is a feature, which enables upgrading of password hashing. When 
> Django encounters a password that is hashed with an older hash, the setter 
> will be called, which will save the password with the current preferred 
> hash. This can only be done when the raw password is known, which can only 
> happen while Django is checking the password. 
>
> I can see how this is an issue in your scenario. A solution I can come up 
> with is to extend this user model[1], where you override only the model's 
> check_password method. The setter parameter to check_password is optional, 
> and if absent it will simply not upgrade passwords. However, the downside 
> of this is of course, that passwords will not be upgraded if we add better 
> hashers in the future. 
>
> [1] https://docs.djangoproject.com/en/dev/topics/auth/customizing/#extending-the-existing-user-model
>
> cheers, 
> Erik
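
The trade-off discussed in this thread, as an added stand-alone example that is not code from either message or from Django: a simplified stdlib model of verify-then-upgrade with an optional setter. The iteration counts, the `User` and `ReplicaSafeUser` classes and the `outdated` helper are constructed for illustration.

```python
import hashlib
import hmac
import os

PREFERRED_ITERATIONS = 20_000  # constructed value, kept low so the demo runs fast


def make_hash(raw, iterations=PREFERRED_ITERATIONS, salt=None):
    salt = salt or os.urandom(16).hex()
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${digest.hex()}"


def check_password(raw, encoded, setter=None):
    """Verify raw against encoded; re-hash through setter if the hash is outdated."""
    _algorithm, iterations, salt, _digest = encoded.split("$")
    is_correct = hmac.compare_digest(make_hash(raw, int(iterations), salt), encoded)
    if setter is not None and is_correct and int(iterations) < PREFERRED_ITERATIONS:
        setter(raw)  # only possible here, while the raw password is known
    return is_correct


class User:  # hypothetical stand-in for a model row
    def __init__(self, encoded, read_only=False):
        self.password, self.read_only, self.writes = encoded, read_only, 0

    def save(self):
        if self.read_only:
            raise RuntimeError("cannot write: read-only replica")
        self.writes += 1

    def check_password(self, raw):
        def setter(raw_password):
            self.password = make_hash(raw_password)
            self.save()
        return check_password(raw, self.password, setter)


class ReplicaSafeUser(User):
    def check_password(self, raw):
        # No setter: verification never writes, but old hashes stay old.
        return check_password(raw, self.password)


def outdated(users):
    """Count accounts still on a weaker work factor (to track the upgrade debt)."""
    return sum(int(u.password.split("$")[1]) < PREFERRED_ITERATIONS for u in users)
```

Counting outdated hashes, as `outdated` does here, shows how many accounts remain on the weaker work factor while upgrades are disabled on the replica path.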
