Path: csiph.com!usenet.pasdenom.info!news.franciliens.net!news.muarf.org!nntpfeed.proxad.net!proxad.net!feeder1-2.proxad.net!usenet-fr.net!nerim.net!novso.com!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.017 X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; 'column': 0.07; 'subject:code': 0.07; 'width.': 0.09; 'cc:addr:python-list': 0.10; 'stored': 0.10; 'storing': 0.16; 'wrote:': 0.17; 'certainly': 0.17; 'code,': 0.18; 'sort': 0.21; 'password.': 0.22; 'received :mail-bk0-f46.google.com': 0.22; 'cc:2**0': 0.23; 'example': 0.23; 'dependent': 0.23; "haven't": 0.23; 'cc:no real name:2**0': 0.24; 'cc:addr:python.org': 0.25; 'header:In-Reply-To:1': 0.25; '(which': 0.26; 'received:209.85.214.46': 0.27; 'message- id:@mail.gmail.com': 0.27; "doesn't": 0.28; 'rest': 0.28; 'hash': 0.29; 'writes:': 0.29; 'point': 0.31; 'hopefully': 0.33; 'passwords': 0.33; "can't": 0.34; 'received:google.com': 0.34; 'pm,': 0.35; 'table': 0.35; 'received:209.85': 0.35; 'there': 0.35; 'but': 0.36; 'too': 0.36; 'received:209': 0.37; 'subject:: ': 0.38; 'received:209.85.214': 0.39; 'easily': 0.39; 'header:Received:5': 0.40; 'john': 0.60; 'maximum': 0.63; 'concerns': 0.65; 'exceed': 0.65; 'jul': 0.65; 'limit?': 0.84; 'to:addr:gordon': 0.84 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=5U0+TGHUzI+xojZhGShAcqOZmmKVugSgvUYBPH/yJVk=; b=ejeGapYNWIzQLq8Jo7lASBMCQKv0cZiCR6Rt4qkUyauEpYJfTlu/tXGqUg7cERx929 IBeRsVU8aKFL4wzsCZ6Pj62SKHc6yJBCxzni1rLDO9B8vIR9SGxbxcXZUWLJwu/SygDq PB3KUsdSD+rMfKsFBMDS1uUXejV0WoYXo3xE2wcLX9I4sLLa9mCu8nH5aO4D1jGN7E59 nvczyiOYWgNbYikc7WdEnGyKlzqHNqp5oaUPKSj5l/2kwNFqLBiJrSoBuZGGgDQm8rBL a8XzqnbMeyHTSpLPEKtP9BFp/v58+Z9u7MKJ09JyE2BQWJEaGkykzKnAvhNZP5GtshDc /YqQ== MIME-Version: 1.0 In-Reply-To: References: <6c39594f-79cb-4d4f-967e-bbc3f68cdbdf@f8g2000pbf.googlegroups.com> <4fed59b7$0$29978$c3e8da3$5496439d@news.astraweb.com> From: Ian Kelly Date: Tue, 3 Jul 2012 12:27:05 -0600 Subject: Re: code review To: John Gordon Content-Type: text/plain; charset=ISO-8859-1 Cc: python-list@python.org X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 15 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1341340058 news.xs4all.nl 6848 [2001:888:2000:d::a6]:50002 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:24830 On Tue, Jul 3, 2012 at 12:18 PM, John Gordon wrote: > In Kushal Kumaran writes: > >> I haven't actually seen the rest of the code, but I would like to >> point out that applications placing maximum length limits on passwords >> are extremely annoying. > > As a practical matter, doesn't there have to be *some* sort of limit? > For example if the (encrypted) password is stored in a database, you can't > exceed the table column width. Hopefully you're storing password hashes, not encrypted passwords (which can all too easily be DEcrypted), and the length of the hash is not dependent on the length of the password. But yes, there are certainly practical concerns here.