#14249: Inactive users have less permissions than anonymous users with custom
backend
---------------------------------------------+------------------------------
Reporter: hvdklauw | Owner: nobody
Status: new | Milestone: 1.3
Component: Authentication | Version: 1.2
Resolution: | Keywords:
Stage: Design decision needed | Has_patch: 0
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
---------------------------------------------+------------------------------
Changes (by lukeplant):
* stage: Unreviewed => Design decision needed
Comment:
I'm inclined to agree, but there is a security-related backwards
incompatibility: if someone has already implemented an auth backend, then
this change will open up a hole where inactive users may get permissions,
whereas before they had none. That code will have to be updated to close
the hole. So I'll mark design decision needed - please bring it up on
django-devs.
Thanks!
--
Ticket URL: <http://code.djangoproject.com/ticket/14249#comment:2>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
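The backwards incompatibility raised in the comment above, as an added sketch that is not part of the ticket or of Django's code. The stand-in User class, the two dispatch functions, the audit helper and the permission name are constructed for illustration. The only Django convention assumed is the backend method has_perm(user_obj, perm, obj=None); the "proposed" dispatch is an assumption about what the change would look like.

```python
# Constructed stand-ins so the example runs without Django installed.
class User:
    def __init__(self, name, is_active, perms):
        self.name, self.is_active, self.perms = name, is_active, set(perms)

class LegacyBackend:
    """Custom backend written while the framework rejected inactive users itself."""
    def has_perm(self, user_obj, perm, obj=None):
        return perm in user_obj.perms

class HardenedBackend:
    """The same backend, updated to make the is_active decision explicitly."""
    def has_perm(self, user_obj, perm, obj=None):
        if not user_obj.is_active:
            return False
        return perm in user_obj.perms

def has_perm_current(user, perm, backends):
    """Model of the existing behaviour: inactive users never reach a backend."""
    if not user.is_active:
        return False
    return any(b.has_perm(user, perm) for b in backends)

def has_perm_proposed(user, perm, backends):
    """Assumed model of the proposed behaviour: backends are asked for every user."""
    return any(b.has_perm(user, perm) for b in backends)

def audit(backend, perm="blog.delete_post"):
    """True if the backend still denies an inactive user under the proposed dispatch."""
    probe = User("probe", is_active=False, perms=[perm])
    return not has_perm_proposed(probe, perm, [backend])

if __name__ == "__main__":
    for backend in (LegacyBackend(), HardenedBackend()):
        verdict = "safe" if audit(backend) else "grants permissions to inactive users"
        print(type(backend).__name__, "->", verdict)
```

A check like audit() fits in a backend's test suite so the regression is caught before upgrading rather than after.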