On Monday 07 September 2015 20:09:06 Marc Tamlyn wrote: > I agree with Aymeric and Markus that createsuperuser should not validate > strength of passwords when DEBUG is on. Having to use a secure password for > development/test accounts is an unnecessary level of interference for > users. > > I agree its safer to prevent using admin/admin in production and this is a > good thing, but there's no reason to prevent this for development. In fact, > I'd argue enforcing it for development will encourage teams to have a > "standard" secure password for their sites, which is also used in > production. By allowing admin/admin in development, and enforcing something > better in production we are more helpfully enforcing best practice. > +1.
Shai.
