Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity

[1.7.x] Refs #23559 -- warned about consequences of letting users edit User model in admin.

Browse Source 
Backport of f6b09a7f85c3b67b2011553838b079788c413432 from master
This commit is contained in:
Remco Kranenburg 2015-03-13 08:48:39 -04:00 committed by Tim Graham
parent 639583ed1d
commit 96bbade674
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/topics/auth/default.txt
View File

@ -1402,6 +1402,11 @@ have the power to create superusers, which can then, in turn, change other
users. So Django requires add *and* change permissions as a slight security users. So Django requires add *and* change permissions as a slight security
measure. measure.
Be thoughtful about how you allow users to manage permissions. If you give a
non-superuser the ability to edit users, this is ultimately the same as giving
them superuser status because they will be able to elevate permissions of
users including themselves!
Changing Passwords Changing Passwords
------------------ ------------------