Re: A password and a last_login field ?

On Tue, Aug 6, 2013 at 8:27 PM, l33t <adroit.goose@gmail.com> wrote:

Hello,

When I create a custom user model with AbstractBaseUser, a password and a last_login field is automatically generated which I am not using.

How can I explicitly instruct not to create these fields while creating a table in the database?.

Also, is there any specific use of this?.

Yes, there is a specific use for both these fields.

The password field is required on the basis that password authentication is hard to get right, and we don't want Django to get a bad reputation as a result of people implementing poor password schemes. 

The last_login field is required as part of the password reset infrastructure -- we need to have a tag that changes when you successfully log in, invalidating any outstanding password reset tokens. 

We've enforced these two fields because they're the bare minimum you need in order to ensure you have a well secured user account system. You don't have to use those columns if you don't want them… but if you don't have a password, then people aren't going to be logging into your accounts, so you really don't need a User account.

Yours,

Russ Magee %-)

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.