On 10/6/19 10:11 AM, Abhilash Raj wrote:
I am hoping that I can commit the change with the commented out code, unless I am reminded of a use for the passwords in Core's database. Then, it might be a bit more of work trying to figure out another way to improve the speed.
I'm not at all sure what's actually implemented, but there is a feature for pre-approving a post with an Approved: header with a password. This is also supposed to work to approve held posts, but approving/discarding held posts by email is broken anyway[1].
Lists have a moderator_password attribute which is an encrypted version of a plain text password that can be used for this purpose, but the original intent IIRC was that this could be the password of the user sending the mail and would be accepted if the user was an owner or moderator. As I said, I'm not sure (don't think) this is implemented, and a much better approach is to abandon the Approved: header in favor of a pgp signature from an owner/moderator.
The other possible use for this password is if a user imported by import21 wants to authenticate to Django, she might be able to use this password. I don't think that's the case now.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan