Why does this throw an exception instead of just returning False? I guess it makes it slightly harder to silently proceed with a bad password if you forget to explicitly handle the failure case, but given that a successful verification returns True, it strikes me as a fairly gratuitous POLS violation.
I’m inclined to agree with ‘fairly gratuitous POLS violation’, but it’s true that it does make it impossible to accidentally ignore a failed check. I kind of like that property.
Yeah, that is a nice benefit – but if you’re going to go that route (failure-handling strictly via exceptions), I’d argue it’d be a lot more consistent to have a successful verify() call not return anything at all.
Why does this throw an exception instead of just returning
False? I guess it makes it slightly harder to silently proceed with a bad password if you forget to explicitly handle the failure case, but given that a successful verification returnsTrue, it strikes me as a fairly gratuitous POLS violation.I’m inclined to agree with ‘fairly gratuitous POLS violation’, but it’s true that it does make it impossible to accidentally ignore a failed check. I kind of like that property.
Yeah, that is a nice benefit – but if you’re going to go that route (failure-handling strictly via exceptions), I’d argue it’d be a lot more consistent to have a successful
verify()call not return anything at all.I’m definitely with you there.