2

I've using django 1.4. When creating a new user, it saves plain password. Is there a setting for it so when saving a user, the password is saved encrypted?

EDIT

I'm simply using the built-in admin functionality to add a user. Nothing fancy - just the built in auth module and the user form that is automatically created in admin.

More Edit

I required some custom field so I've used a custom class:

class UserForm(forms.ModelForm):
    class Meta:
        model = User
    ...
    ...
Alasdair
  • 298,606
  • 55
  • 578
  • 516
wasimbhalli
  • 5,122
  • 8
  • 45
  • 63

1 Answers1

10

You should use the create_user manager method when creating users.

If you're creating custom forms, subclass one of the UserCreationForm or UserChangeForm. If you're creating a custom ModelAdmin, then subclass UserAdmin. Otherwise you'll have to re-implement the password hashing functionality yourself.

Note that the password will be hashed, not encrypted (i.e. you can't decrypt it).

Alasdair
  • 298,606
  • 55
  • 578
  • 516
  • but doesn't django admin should do this by default. i.e. to hash password when creating new user? I'm using the default form in admin for creating user – wasimbhalli Sep 14 '12 at 13:22
  • 1
    The Django admin's model forms for the `User` model do the hashing by default. You have replaced these with a subclass of `forms.ModelForm`, and lost that functionality. – Alasdair Sep 14 '12 at 14:58