micahmanquen / django-ldap-groups

Automatically exported from code.google.com/p/django-ldap-groups

set password for user object is insecure #2

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
user.set_password('ldap authenticated') seems a bit insecure. If ldap is down, account becomes available using this "known" password.

should be replaced with 

user.set_unusable_password()

Original issue reported on code.google.com by prestonh...@gmail.com on 13 Jan 2010 at 6:08

GoogleCodeExporter commented 8 years ago
Makes sense.  I'll make the change.  Thanks for the pointer, I'd forgotten about set_unusable_password().

Original comment by tphern...@gmail.com on 19 Jan 2010 at 9:18

GoogleCodeExporter commented 8 years ago
Fixed in revision e78cf12374.

Original comment by tphern...@gmail.com on 19 Jan 2010 at 9:41
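
As an added example (not part of the original thread or the project's code), a small static check for the pattern reported in this issue: calls to set_password() that are given a hard-coded string. The two sample backends are constructed for illustration, and `raw_password` is assumed to be the keyword name, as in Django's own `set_password`.

```python
import ast
import sys

# Constructed sample in the style the issue describes (not the project's code).
VULNERABLE_SRC = '''
def get_or_create_user(username):
    user = User(username=username)
    user.set_password('ldap authenticated')
    user.save()
    return user
'''

# Constructed sample with the replacement proposed in the issue.
FIXED_SRC = '''
def get_or_create_user(username):
    user = User(username=username)
    user.set_unusable_password()
    user.save()
    return user
'''


def find_constant_passwords(source, filename="<source>"):
    """Return sorted (line, literal) pairs for set_password() calls fed a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr != "set_password":
            continue
        # First positional argument, or the raw_password= keyword form.
        candidates = list(node.args[:1])
        candidates += [kw.value for kw in node.keywords if kw.arg == "raw_password"]
        for arg in candidates:
            if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                findings.append((node.lineno, arg.value))
    return sorted(findings)


if __name__ == "__main__":
    # Scan files named on the command line, or the constructed sample if none given.
    sources = [(p, open(p).read()) for p in sys.argv[1:]] or [("<sample>", VULNERABLE_SRC)]
    for name, text in sources:
        for line, literal in find_constant_passwords(text, name):
            print(f"{name}:{line}: set_password() with constant {literal!r}")
```

Calls that pass a variable, such as a password taken from a form, are not flagged; only string literals are.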