Refs #23559 -- warned about consequences of letting users edit User model in admin.

Remco Kranenburg 2015-03-13 08:48:39 -04:00 committed by Tim Graham
parent 56cd87a5af
commit f6b09a7f85
1 changed files with 5 additions and 0 deletions

@ -1414,6 +1414,11 @@ have the power to create superusers, which can then, in turn, change other
users. So Django requires add *and* change permissions as a slight security users. So Django requires add *and* change permissions as a slight security
measure. measure.
Be thoughtful about how you allow users to manage permissions. If you give a
non-superuser the ability to edit users, this is ultimately the same as giving
them superuser status because they will be able to elevate permissions of
users including themselves!
Changing Passwords Changing Passwords
------------------ ------------------
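Review bot: In the added paragraph, "the ability to edit users" is looser than the context just above it, which speaks of add *and* change permissions. Name the permission precisely (the change permission on the user model) so readers know which grant is equivalent to superuser status. Since this is a security warning, it would also stand out better as a warning admonition than as a plain paragraph ending in an exclamation mark, and "Be thoughtful" would be more useful with a concrete recommendation after it, such as granting that permission only to users you would trust as superusers.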