Document that CommonPasswordValidator assumes all words are lower case
The CommonPasswordValidator holds a set of common passwords in memory, after strip()ing any whitespace.
While validating a password, it converts it to lowercase before comparing to the set. However, the reference set was not converted to lowercase.
This is not a problem when using the default set of common passwords, as they have been preprocessed to be lowercase. However, there is nothing in the documentation indicating this preprocessing should occur.
Change History (8)
Description: modified
Description: modified
Component: Uncategorized → Documentation
Summary: Common password validator does not handle case correctly → Document that CommonPasswordValidator assumes all words are lower case
Triage Stage: Unreviewed → Accepted
Type: Uncategorized → Cleanup/optimization
Owner: changed from nobody to Karmen
Status: new → assigned
Has patch: set
Triage Stage: Accepted → Ready for checkin
Resolution: → fixed
Status: assigned → closed
I think documenting the existing requirement for the password list to be lower case would be fine. A documentation fix would address the problem for older versions of Django and also avoid unnecessary computations for lists that are already lower case.
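The behaviour this ticket describes, as an added example that is not Django's code or part of the ticket: `CommonPasswordModel` is a hypothetical stand-in that loads and compares entries the way the description says. The two helpers and the sample list are constructed here to show a mixed-case custom list failing to match and the same list matching once it is lowercased beforehand.

```python
import tempfile
from pathlib import Path


class CommonPasswordModel:
    """Hypothetical stand-in for the behaviour in the ticket (not Django's code):
    entries are strip()ped but keep their case; candidates are lowercased."""

    def __init__(self, password_list_path):
        with open(password_list_path, encoding="utf-8") as f:
            self.passwords = {line.strip() for line in f}

    def is_common(self, password):
        return password.lower() in self.passwords


def mixed_case_entries(path):
    """Return list entries that can never equal a lowercased candidate."""
    with open(path, encoding="utf-8") as f:
        words = {line.strip() for line in f}
    return sorted(w for w in words if w and w != w.lower())


def write_lowercased_copy(src, dst):
    """Write a deduplicated, lowercased copy of a custom password list."""
    with open(src, encoding="utf-8") as f:
        words = sorted({line.strip().lower() for line in f if line.strip()})
    Path(dst).write_text("\n".join(words) + "\n", encoding="utf-8")
    return len(words)


def demo():
    # Constructed sample list, not taken from any real password corpus.
    sample = "Password1\nletmein\nSummer2024  \nLETMEIN\n"
    with tempfile.TemporaryDirectory() as tmp:
        raw, fixed = Path(tmp, "custom.txt"), Path(tmp, "custom-lower.txt")
        raw.write_text(sample, encoding="utf-8")
        before = CommonPasswordModel(raw)
        result = {
            "flagged": mixed_case_entries(raw),
            "count": write_lowercased_copy(raw, fixed),
            "before": before.is_common("Password1"),   # silently not rejected
            "unaffected": before.is_common("LetMeIn"),  # lowercase entry matches
        }
        result["after"] = CommonPasswordModel(fixed).is_common("Password1")
        return result


if __name__ == "__main__":
    print(demo())
```

Running `mixed_case_entries` over a custom list before deployment surfaces entries that would otherwise be loaded but never matched.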