> Maybe I'm wrong but this patch define DEFAULT_ALGO at "django > installation" level. I think it shoud be defined at prject level. > something like this > >>>> try: > ... DEFAULT_ALGO = settings.DEFAULT_ALGO > ... except NameError: > ... DEFAULT_ALGO = 'sha1' > > does refer to project settings have some side issues I can't see?
I'm of two minds on this: 1) it's nice to be able to set it once and forget it; as such, the above 4 lines are a nice addition. 2) MD5 and crypt have known problems[1][2] so I can see justification in setting up roadblocks to change from SHA1 to a weaker alternative. Seeing calls in the code explicitly requesting "crypt" or "md5" force the developer to make it clear that they *really* *do* want this weaker alternative -- even if it violates DRY. -tim [1] http://en.wikipedia.org/wiki/Md5 [2] http://en.wikipedia.org/wiki/Crypt_(Unix) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
