Loading docs/releases/1.6.txt +0 −16 Original line number Diff line number Diff line Loading @@ -810,22 +810,6 @@ as JSON requires string keys, you will likely run into problems if you are using non-string keys in ``request.session``. See the :ref:`session_serialization` documentation for more details. 4096-byte limit on passwords ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. note:: This behavior was also added in the Django 1.5.4 and 1.4.8 security releases. Historically, Django has imposed no length limit on plaintext passwords. This enables a denial-of-service attack through submission of bogus but extremely large passwords, tying up server resources performing the (expensive, and increasingly expensive with the length of the password) calculation of the corresponding hash. Django now imposes a 4096-byte limit on password length, and will fail authentication with any submitted password of greater length. Miscellaneous ~~~~~~~~~~~~~ Loading Loading
docs/releases/1.6.txt +0 −16 Original line number Diff line number Diff line Loading @@ -810,22 +810,6 @@ as JSON requires string keys, you will likely run into problems if you are using non-string keys in ``request.session``. See the :ref:`session_serialization` documentation for more details. 4096-byte limit on passwords ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. note:: This behavior was also added in the Django 1.5.4 and 1.4.8 security releases. Historically, Django has imposed no length limit on plaintext passwords. This enables a denial-of-service attack through submission of bogus but extremely large passwords, tying up server resources performing the (expensive, and increasingly expensive with the length of the password) calculation of the corresponding hash. Django now imposes a 4096-byte limit on password length, and will fail authentication with any submitted password of greater length. Miscellaneous ~~~~~~~~~~~~~ Loading
