I think some people seem to be confused about what is being asked for. I think the suggestion is that you should get this new "not an admin account" message iff the provided username _and_ password are correct. If you don't have permission, but provide an incorrect password, then you still get the old message.
That way, you can only gain more information than with the current system when you have both a username and correct password. If an attacker has that information, then frankly, it's too late to be thinking about how to make things more secure. Regards, Peter -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
