Enforcing password strength requirements with django.contrib.auth.views.password_change

后端未结

关注

 5  788

没有蜡笔的小新 2020-12-22 23:31

We have a Django application that requires a specific level of password complexity. We currently enforce this via client-side JavaScript which can easily be defeated by some

5条回答

孤城傲影 (楼主)

2020-12-23 00:10
Django 1.9 offers a built-in password validation to help prevent the usage of weak passwords by users. It's enabled by modifing the AUTH_PASSWORD_VALIDATORS setting in our project. By default Django comes with following validators:
- UserAttributeSimilarityValidator, which checks the similarity between the password and a set of attributes of the user.
- MinimumLengthValidator, which simply checks whether the password meets a minimum length. This validator is configured with a custom option: it now requires the minimum length to be nine characters, instead of the default eight.
- CommonPasswordValidator, which checks whether the password occurs in a list of common passwords. By default, it compares to an included list of 1000 common passwords.
- NumericPasswordValidator, which checks whether the password isn’t entirely numeric.
This example enables all four included validators:
```
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
        'OPTIONS': {
            'min_length': 9,
        }
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]
```
0 讨论(0)

查看其它5个回答
发布评论:

提交评论
- 加载中...