Again: this change does not compromise security, because its effect is
visible only *after* security is compromised: when an attacker has a valid
username and password for the site.
I understand that the "correct" message is another, but I do not see
why it has to amend the current when the change is more vulnerable end
up leaving the system.
To me what should be discussed now is not whether to put the correct
message or not (because that is "correct"), you should discuss
whether to allow changes made in some way, compromise security.
--
arty ( http://arty.name )