Another security question

Paul Rubin no.email at nospam.invalid
Sat Dec 24 03:08:16 EST 2016


Chris Angelico <rosuav at gmail.com> writes:
> Correct. However, weak passwords are ultimately the user's
> responsibility, where the hashing is the server's responsibility.

No, really, the users are part of the system and therefore the system
designer must take the expected behavior of actual users into account.
The idea is to prevent breaches, not to allow them as long as the blame
can be shifted to someone else.


More information about the Python-list mailing list