User provided passwords are validated already: https://docs.djangoproject.com/en/3.0/topics/auth/passwords/#module-django.contrib.auth.password_validation
When using set_password directly, you as the programmer are responsible for ensuring the value you use for password is valid. Normally this means calling the functions detailed in "Integrating validation" beforehand. On Thu, 12 Mar 2020 at 15:55, '1337 Shadow Hacker' via Django developers (Contributions to Django itself) <django-developers@googlegroups.com> wrote: > I agree with Adam, but in this case it seems to pose a security risk in > case of user mistake, as such, raising a ValueError would have protect > against the mistake of passing empty passwords, unless you consider empty > passwords a feature of course in which case please dismiss my email. > > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/9Xx6DvMQMWVWMRYMhbK-8nXfyPrNU_5ljWd-YuXeXRmz3_pnYXT6axEYrDBfW4K1v5OGEshIR2SDAeZxpnDBSk6SMLe4oeiwcrDMnz7xah4%3D%40protonmail.com > <https://groups.google.com/d/msgid/django-developers/9Xx6DvMQMWVWMRYMhbK-8nXfyPrNU_5ljWd-YuXeXRmz3_pnYXT6axEYrDBfW4K1v5OGEshIR2SDAeZxpnDBSk6SMLe4oeiwcrDMnz7xah4%3D%40protonmail.com?utm_medium=email&utm_source=footer> > . > -- Adam -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMyDDM1dOh5wvYha%3D7vY%2Bub8ZvTScqdG-qxEbtntTBx8OALMgg%40mail.gmail.com.
