Hi Wim,
In my opinion, it is very safe and consistent to use password validation inall instances and places. It definitely prevents people from using admin/admin and markus/markus as a login, which sounds safe to me.If you don't want that, you can change the validators depending on DEBUG in your settings; or disable them in your local_settings. In addition, you can change the password using the shell as you suggested.
I think using admin/admin or company/company at the development stage is quite a common and widely-used pattern. Making the developer use strong passwords or going through the hassle of deactivating password validators seems a bit too much waste of time for little or no gain to me.
I would even dare to say I'm totally against activated-by-default password validators. I think it should be a decision the developers take consciously, as it again adds just more overhead (which Django surely doesn't need).
-- unai -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/20150907153636.GB11490%40def. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: Digital signature