It's not the command that you should be worried about, but shell access to
your system. If your database server is secure, shell access is restricted,
and the server is also hardened reasonably, you should be relatively safe.
Sincerely yours,
Joel G Mathew
On Tue, 30 Apr 2019 at 21:07, Mario
You'd only need editing the already existing management command and remove
the possibility of using createsuperuser, but that is as useless as a
ceiling fan on a motor bike.as anyone that already has access to the
management code could just revert those changes. even continuing this
thread is a
RE :"*someone could still run createsuperuser *"
How do you suppose this is going to happen unless they have access to your
system?
If you are really concerned about that?? django is basically a package.
Just find the source code for the creatsuperuser admin command and delete
that file if its
Hey,
I am using Django 2.2 and I am stuck with the image upload functionality
from admin site. I am not able to get the image on my template.
Please help.
Thanks & Regards
LIPIKA CHANDEL
On Tue, Apr 30, 2019 at 11:57 AM Jani Tiainen wrote:
> I've have to agree that any attempt to limit
I've have to agree that any attempt to limit superuser creation through
manage.py is wrong solution to wrong problem.
Even it's possible to attempt it it is as easy to circumvent.
So do not give an access to manage.py to users that are not supposed to.
Problem solved for good.
ma 29. huhtik.
Anyone capable of running the createsuperuser command on your project most
probably has access to all and any of the project's files, specially your
config file.
Actually this user is either a valid su or you are in serious trouble
because the security of your server sucks or you gave access
Sometimes during development usually this particular suggestion might be
unnecessary. This might be useful in the case of production. As in if DEBUG
=True then the creation of the superuser should need approval from the
existing admins.
Regards,
*S P R*
On Mon, Apr 29, 2019 at 9:05 AM JJ
What if maybe after the command is run once it then is required to check a
list of approved subsequent admins before allowing creation of an account?
Some kind of list stored in the admin that is required to be populated
following the first admin, or maybe 3 admins?
On Sunday, April 28, 2019
All,
Curious what people think about more thought and control going into who can
run the createsuperuser method?
For example say there's models that I don't want anyone to touch except
myself as a superuser. Is it not plausible that even if I make a Django
Group around that model that someone
9 matches
Mail list logo