On Sun, 2009-02-01 at 01:07 -0800, Guy Rutenberg wrote:
> Hi Kless,
> 
> 
> On Jan 31, 7:05 pm, Kless <jonas....@googlemail.com> wrote:
> >
> > Your method has a point of failure. Whoever can see your JS code
> > (client code) will know what you are doing with the password
> > that is sent from a form.
> >
> > The best options are https or using HMAC-SHA1/RIPEMD160
> >
> 
> I've indeed referenced HMAC in a couple of the previous posts. As these
> methods should be (almost) irreversible, I don't care if someone will
> take a look at the JS and figure out what I'm doing (I'm not trying to
> obtain security by obfuscation). As you said, HMAC-SHA1 (or any
> other strong hash with HMAC) is a good option. I just wonder if Django
> has built-in support for using these things or I have to write my own.

Django itself does not have support for this. It's essentially out of
scope. We had a long discussion about it a couple of years back and
nothing has really changed since then (the best solution is HTTPS and
anything else is a workaround with all the drawbacks that come with it).
There might (or might not) be some third-party application to provide
it. Django is meant to be the basis on which other things are built and
this sounds like something that would be a third-party thing.

Regards,
Malcolm


