#16845: Admin should hide password hash field by default
-------------------------------------+-------------------------------------
Reporter: PaulM | Owner: nobody
Type: | Status: new
Cleanup/optimization | Component: contrib.auth
Milestone: 1.4 | Severity: Normal
Version: 1.3 | Keywords:
Resolution: | Has patch: 0
Triage Stage: Accepted | Needs tests: 0
Needs documentation: 0 | Easy pickings: 0
Patch needs improvement: 0 |
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by PaulM):
The only semi-common use case I could come up with for an admin needing to
see information in this field is to verify which type of password hashing
scheme is in use for the user. We could solve that by displaying the field
as a non-editable sanitized field with the hashing info visible.
Admins who are copy-pasting user password strings can probably find some
other way to deal with this that doesn't involve horrible practices like
that.
--
Ticket URL: <https://code.djangoproject.com/ticket/16845#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
