Django auth.models.py change.

Question

I am trying to make a change at the auth.models.py file to force the password hashing function (get_hexdigest()) to not use the salt when passing the sha1. So the change would be:

auth.models.py line 33

before:

return sha_constructor(salt+raw_password)

after:

return sha_constructor(raw_password)

However, when I make the change and reset the server, it is not recognized. The old way of encrypting is mantained, and nothing is different.

Do anyone knows why the changes are not loaded by django?

Thanks in advance.

Answer 1

First of all, it's not wise to change an internal Django function like that.

Second of all, there are a number of possible reasons this could be the case.

If you installed Django to your system as a normal Python package, you can't simply make a source change & it be recognized, unless your Django install is all source & done via symlink. You'd have to rebuild & install your modified version.

Django's sha_constructor() is merely a convenience interface to sha builders via the hashlib or sha modules (these are Python modules). So figure out which one is being used on your server & go take a look at either hashlib.sha1 or sha.new to see how those methods work.

Lastly, stop and reevaluate what you are doing. Do not modify Django. Instead, write your own method that performs hashing as you want it to be performed and make whatever app/project changes you need to make to use your custom hashing. Modifying Django's internal hashing is only going to cause you some headache down the road when you want to upgrade Django.