Friday, September 30, 2016

Re: Upgrading a django 1.2 Alpha site to 1.10 final site, passwords don't work

Django 1.10 can still support SHA1, but it's not enabled by default. Please read https://docs.djangoproject.com/en/dev/releases/1.10/#removed-weak-password-hashers-from-the-default-password-hashers-setting and https://docs.djangoproject.com/en/stable/topics/auth/passwords/.

On Friday, September 30, 2016 at 11:18:36 AM UTC-4, Evan Roberts wrote:
Hello All,

I'm new to django and python.  A project that was last maintained in 2009 was bestowed upon me because the underlying OS is approaching end-of-life.

I've read the first few chapters the Django book and the first 10 chapters of Django Unleashed.  I've got the project and supporting libraries brought up to the python 3.5.0 and django 1.10.
My current hurdle is the user's passwords are stored using SHA1 hashing.  I ***think*** django 1.10 no longer supports the sha1 hashing algorithm. 

Is there a way to allow the users to login (using SHA1 to validate the password) and then force them to change their passwords (storing them using new hash)? 

Best Regards,

Evan R.


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/16abf06b-4cda-4ea6-967d-b2286df0c9da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment