Hello, I added a custom password validator when creating a superuser account but my problem is, Django still can bypass the password. How can i remove it? Thank you!
Bypass password validation and create user anyway? [y/N]:
This is something that’s within the createsuperuser management command. This can only be invoked by someone with command line access to run django-admin / manage.py. Someone with that level of access to your system also has the ability to run shell or any number of other commands to directly interact with the database.
That means that anything you do to prevent this from the command-line can still be done if someone really wants to do it.
Yes you can remove it. You can edit the createsuperuser.py file in django.contrib.auth.management.commands. Or, if you don’t feel like editing your deployed version of Django, you can create a custom command named createsuperuser.py, and ensure that the app it resides in is before django.contrib.auth in your settings.py.
However, I don’t see the value in trying to do this. I don’t think you’re protecting yourself in any meaningful way.
1 Like
Thank you @KenWhitesell really appreciated!