Suppose I'm an attacker. I have obtained a valid username and password. I
tried those on the main site and it worked. I tried those on the admin site
and it didn't work. I understand that is_staff=False for this user. This is
open information.
Yet some people try to hide this open information from good users.
That's a very common error in security efforts: making life harder for good
people while nothing changes for the bad guys.
That's fine. Why give more information than necessary?
You can not enter and that's it.
This is not an error because it is done so on purpose.
Less is more.
--
arty ( http://arty.name )