It's too late for an easy string change, but I think the fix for this
problem should probably be to append something to the effect of "or
you don't have permission to log in here." to that message.

If an attacker is brute forcing logins, providing a nondescript error
message here makes life harder.

-Paul

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.