mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

[1.7.x] Refs #23559 -- warned about consequences of letting users edit User model in admin.

Browse Source 
Backport of f6b09a7f85 from master
This commit is contained in:
Remco Kranenburg
2015-03-13 08:48:39 -04:00
committed by Tim Graham
parent 639583ed1d
commit 96bbade674
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/topics/auth/default.txt
View File

@@ -1402,6 +1402,11 @@ have the power to create superusers, which can then, in turn, change other
users. So Django requires add *and* change permissions as a slight security users. So Django requires add *and* change permissions as a slight security
measure. measure.
Be thoughtful about how you allow users to manage permissions. If you give a
non-superuser the ability to edit users, this is ultimately the same as giving
them superuser status because they will be able to elevate permissions of
users including themselves!
Changing Passwords Changing Passwords
------------------ ------------------