Django意外地只存储密码散列,而不存储算法参数。
Django意外地只存储密码散列,而不存储算法参数。
提问于 2020-05-15 16:46:06
我有一个Django应用程序,它可以在本地正常工作。它在迁移中创建一个用户:
superuser = User.objects.create_superuser(
username=username, email=email, password=password
)
superuser.save()在本地,它创建的密码结构与我所期望的完全一样:
MySQL [XXXX]> select * from auth_user;
+----+---------------------------------------------------------------------------+----------------------------+--------------+----------+------------+-----------+-------------------+----------+-----------+----------------------------+
| id | password | last_login | is_superuser | username | first_name | last_name | email | is_staff | is_active | date_joined |
+----+---------------------------------------------------------------------------+----------------------------+--------------+----------+------------+-----------+-------------------+----------+-----------+----------------------------+
| 5 | argon2$argon2i$v=19$m=512,t=2,p=2$SXXXXXXXXXX2eVFl$KZdVItv/XXXXXXXXXXXuRg | 2020-05-15 16:26:01.713174 | 1 | internal | | | XXX@XXX.org | 1 | 1 | 2020-05-15 16:25:12.438746 |
+----+---------------------------------------------------------------------------+----------------------------+--------------+----------+------------+-----------+-------------------+----------+-----------+----------------------------+在生产过程中,它做了一些非常奇怪的事情,存储散列,但不存储任何算法数据:
MySQL [XXXX]> select * from auth_user;
+----+-------------------------------------------+------------+--------------+----------+------------+-----------+-------------------+----------+-----------+----------------------------+
| id | password | last_login | is_superuser | username | first_name | last_name | email | is_staff | is_active | date_joined|
+----+-------------------------------------------+------------+--------------+----------+------------+-----------+-------------------+----------+-----------+----------------------------+
| 1 | !rbx7XXXXXXXXXXXXXXXXu7o84FNI3tZcQc5Lgkqt | NULL | 1 | internal | | | XXX@XXX.org | 1 | 1 | 2020-05-15 09:43:49.955879|
+----+-------------------------------------------+------------+--------------+----------+------------+-----------+-------------------+----------+-----------+----------------------------+我已经验证了相同的码头图像检查和用于本地测试和远程。我的要求文件是:
#
# This file is autogenerated by pip-compile
# To update, run:
#
# pip-compile requirements.in
#
argon2-cffi==19.2.0 # via django
boto==2.49.0 # via django-ses
brotli==1.0.7 # via whitenoise
certifi==2020.4.5.1 # via requests, sentry-sdk
cffi==1.14.0 # via argon2-cffi
chardet==3.0.4 # via requests
django-environ==0.4.5 # via -r requirements.in
django-ipware==2.1.0 # via django-structlog
django-prometheus==1.1.0 # via -r requirements.in
django-ses==0.8.14 # via -r requirements.in
django-structlog==1.5.2 # via -r requirements.in
django-zxcvbn-password==2.1.0 # via -r requirements.in
django[argon2]==2.2.3 # via -r requirements.in, django-structlog, djangorestframework
djangorestframework==3.11.0 # via -r requirements.in
future==0.18.2 # via django-ses
gunicorn==20.0.4 # via -r requirements.in
idna==2.9 # via requests
incuna-mail==4.0.0 # via -r requirements.in
mysqlclient==1.4.6 # via -r requirements.in
prometheus-client==0.7.1 # via django-prometheus
pycparser==2.20 # via cffi
pytz==2019.3 # via django, django-ses
requests==2.23.0 # via -r requirements.in
sentry-sdk==0.14.3 # via -r requirements.in
six==1.14.0 # via -r requirements.in, argon2-cffi, structlog
sqlparse==0.3.1 # via django
structlog==20.1.0 # via django-structlog
urllib3==1.25.9 # via requests, sentry-sdk
whitenoise[brotli]==5.0.1 # via -r requirements.in
zxcvbn==4.4.28 # via django-zxcvbn-password
# The following packages are considered to be unsafe in a requirements file:
# setuptools是什么导致的?
回答 1
Stack Overflow用户
回答已采纳
发布于 2020-05-15 20:29:14
这是由于配置中提供的空白密码导致设置了不可使用的密码。当提供空字符串时,User.objects.create_superuser设置不可用的密码。医生说:
如果没有提供密码,则将调用
()。
但是,空字符串似乎被视为“无密码”(这是出乎意料的,但考虑到Python对空字符串的错误处理,这并不令人惊讶)。服务的配置中有一个错误,导致一个空密码被传递给它。
出现意外的不同格式的原因是不可用的密码似乎没有使用相同的散列函数结构。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/61824350
复制相关文章
相似问题
腾讯云开发者
