[1.8.x] Refs #23559 -- warned about consequences of letting users edit User model in admin.

Backport of f6b09a7f85 from master
Remco Kranenburg 2015-03-13 08:48:39 -04:00 committed by Tim Graham
parent 06085024f6
commit 6f555e54f7
1 changed files with 5 additions and 0 deletions

@ -1427,6 +1427,11 @@ have the power to create superusers, which can then, in turn, change other
users. So Django requires add *and* change permissions as a slight security users. So Django requires add *and* change permissions as a slight security
measure. measure.
Be thoughtful about how you allow users to manage permissions. If you give a
non-superuser the ability to edit users, this is ultimately the same as giving
them superuser status because they will be able to elevate permissions of
users including themselves!
Changing Passwords Changing Passwords
------------------ ------------------
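Review bot: The added paragraph says "the ability to edit users", which is looser than the preceding context's "add *and* change permissions"; name the permission that causes the escalation (change permission on the User model) so readers know what to audit for. The text also stops at "Be thoughtful" without pointing to a mitigation, so consider adding a sentence on what to do instead, for example limiting which fields a non-superuser can edit on the user form. Minor style point: the last added sentence would read better in reference documentation with a period rather than "!".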