dpgaspar / Flask-AppBuilder

Simple and rapid application development framework, built on top of Flask. Includes detailed security, auto CRUD generation for your models, Google Charts and much more. Demo (login with guest/welcome) - http://flaskappbuilder.pythonanywhere.com/
BSD 3-Clause "New" or "Revised" License

feat: Updating Hashing Method to PBKDF2 with SHA-256 #2234

Open mamccorm opened 2 months ago

mamccorm commented 2 months ago

Description

This PR updates the password hashing mechanism from the current method to PBKDF2 with SHA-256. The change affects how passwords are processed within the Flask-AppBuilder security module.

By default, werkzeug uses scrypt, which is not approved by FIPS, meaning anyone who wants to use this package inside an application which requires FIPS compliance will not be able to.

ADDITIONAL INFORMATION

mamccorm commented 2 months ago

Not sure why the python lint check in CI is still failing? I pushed up all fixes:

% black setup.py flask_appbuilder

All done! ✨ 🍰 ✨
84 files left unchanged.
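
The move from scrypt to PBKDF2 with SHA-256 described in the PR leaves existing scrypt hashes in the user table, so a deployment needs a way to tell the two apart and verify the new ones. The sketch below is an added example, not code from this PR or from Flask-AppBuilder; it assumes stored hashes use werkzeug's `method$salt$hash` string layout, and the function names, iteration count and sample rows are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TARGET_METHOD = "pbkdf2:sha256"  # method named in the PR title
ITERATIONS = 600_000             # assumption: iteration count chosen for this example

def make_hash(password: str, iterations: int = ITERATIONS) -> str:
    """Build a 'pbkdf2:sha256:<iterations>$<salt>$<hex digest>' string."""
    salt = secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"{TARGET_METHOD}:{iterations}${salt}${digest.hex()}"

def parse_hash(stored: str):
    """Split a stored hash into (family, params, salt, hexdigest)."""
    parts = stored.split("$", 2)
    if len(parts) != 3:
        raise ValueError("not a method$salt$hash string")
    family, *params = parts[0].split(":")
    return family, params, parts[1], parts[2]

def needs_rehash(stored: str) -> bool:
    """True when the stored hash was not produced with pbkdf2:sha256."""
    family, params, _, _ = parse_hash(stored)
    return not (family == "pbkdf2" and params[:1] == ["sha256"])

def verify_pbkdf2(stored: str, password: str) -> bool:
    """Verify a pbkdf2:sha256 hash using only the standard library."""
    family, params, salt, hexdigest = parse_hash(stored)
    if family != "pbkdf2" or len(params) != 2 or params[0] != "sha256":
        return False  # other methods (e.g. scrypt) are not handled here
    if not params[1].isdigit():
        return False  # malformed iteration count
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), int(params[1]))
    return hmac.compare_digest(digest.hex(), hexdigest)

if __name__ == "__main__":
    # Constructed sample rows; the scrypt digest is a dummy value.
    rows = {
        "alice": make_hash("correct horse"),
        "bob": "scrypt:32768:8:1$c2FsdA$" + "00" * 64,
    }
    for user, stored in rows.items():
        print(user, "needs rehash" if needs_rehash(stored) else "ok")
    print("alice verifies:", verify_pbkdf2(rows["alice"], "correct horse"))
```

Rows flagged by `needs_rehash` can only be converted when the user next logs in, since the plaintext password is required to compute the new hash.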