#4170: Admin password can be set to empty
-------------------------------------------+--------------------------------
   Reporter:  [EMAIL PROTECTED]            |                Owner:  adrian
     Status:  closed                       |            Component:  Admin interface
    Version:  SVN                          |           Resolution:  wontfix
   Keywords:  password admin user auth     |                Stage:  Design decision needed
  Has_patch:  0                            |           Needs_docs:  0
Needs_tests:  0                            |   Needs_better_patch:  0
-------------------------------------------+--------------------------------
Changes (by Simon G. <[EMAIL PROTECTED]>):

  * status:  new => closed
  * resolution:  => wontfix

Comment:

 Hmm.. I can definitely see both points of view here.
 
 It just feels *wrong* to allow an empty password ever. *However*, the
 admin site does prevent you from changing your password to an empty one
 (not directly though - you get a "this field is required" validation
 error). The only way to change this to an empty password is via the User
 model (either via set_password or directly modifying it), and if a
 malicious user has access to that, then you have bigger issues to deal
 with.
 
 I've marked this as wontfix, but if anyone else has anything to add,
 please jump in.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/4170#comment:4>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
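
An added example, not part of the ticket or of Django's code: because the comment notes that an empty password can still be stored through the User model, this script audits stored password values for hashes of the empty string. It assumes the `sha1$salt$hexdigest` and `pbkdf2_sha256$iterations$salt$base64` storage layouts; the function names and sample rows are constructed for illustration.

```python
import base64
import hashlib
import hmac


def _encode(algo, salt, raw, iterations=1000):
    """Build a stored value in the assumed layout for (salt, raw)."""
    if algo == "sha1":
        return "sha1$%s$%s" % (salt, hashlib.sha1((salt + raw).encode()).hexdigest())
    if algo == "pbkdf2_sha256":
        dk = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
        return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(dk).decode("ascii"))
    raise ValueError("unsupported algorithm: %s" % algo)


def is_empty_password(stored):
    """True if `stored` verifies against the empty string, None if it cannot be checked."""
    parts = stored.split("$")
    try:
        if parts[0] == "sha1" and len(parts) == 3:
            expected = _encode("sha1", parts[1], "")
        elif parts[0] == "pbkdf2_sha256" and len(parts) == 4:
            expected = _encode("pbkdf2_sha256", parts[2], "", int(parts[1]))
        else:
            return None  # unusable marker or a hasher this script does not model
    except ValueError:
        return None  # malformed iteration count
    return hmac.compare_digest(expected, stored)


def audit(rows):
    """Return usernames whose stored hash matches the empty password."""
    return [name for name, stored in rows if is_empty_password(stored)]


# Constructed sample rows (username, stored password value); not real data.
SAMPLE_ROWS = [
    ("alice", _encode("sha1", "a1b2c", "correct horse")),
    ("bob", _encode("sha1", "9f8e7", "")),
    ("carol", _encode("pbkdf2_sha256", "Qm3xZt", "", 1000)),
    ("dave", "!"),  # unusable-password marker
    ("erin", "bcrypt$unmodelled"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```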