emit a warning if a user is using the default hashalg to AuthTkt

author: Michael Merickel <michael@merickel.org> 2012-11-04 12:34:22 -0600
committer: Michael Merickel <michael@merickel.org> 2012-11-04 12:39:09 -0600
commit: ca3df803c9afd04d7dee612e0bf321cc62cf900f (patch)
tree: 7a8f240dbe9329cdc490c36ee781e143ffec4d48 /CHANGES.txt
parent: 531e9ac9b45889322d80b46d661c6c3059fef2c7 (diff)
download: pyramid-ca3df803c9afd04d7dee612e0bf321cc62cf900f.tar.gz
pyramid-ca3df803c9afd04d7dee612e0bf321cc62cf900f.tar.bz2
pyramid-ca3df803c9afd04d7dee612e0bf321cc62cf900f.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index b3733a787..43a910f96 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -48,6 +48,15 @@ Bug Fixes
   attribute of the request.  It no longer fails in this case.  See
   https://github.com/Pylons/pyramid/issues/700
 
+Deprecations
+------------
+
+- ``pyramid.authentication.AuthTktAuthenticationPolicy`` will emit a warning
+  if an application is using the policy without explicitly setting the
+  ``hashalg``. This is because the default is "md5" which is considered
+  insecure. If you really want "md5" then you must specify it explicitly to
+  get rid of the warning.
+
 Internals
 ---------
author	Michael Merickel <michael@merickel.org>	2012-11-04 12:34:22 -0600
committer	Michael Merickel <michael@merickel.org>	2012-11-04 12:39:09 -0600
commit	ca3df803c9afd04d7dee612e0bf321cc62cf900f (patch)
tree	7a8f240dbe9329cdc490c36ee781e143ffec4d48 /CHANGES.txt
parent	531e9ac9b45889322d80b46d661c6c3059fef2c7 (diff)
download	pyramid-ca3df803c9afd04d7dee612e0bf321cc62cf900f.tar.gz pyramid-ca3df803c9afd04d7dee612e0bf321cc62cf900f.tar.bz2 pyramid-ca3df803c9afd04d7dee612e0bf321cc62cf900f.zip