If I'm a smart attacker, I will pay attention to the error message I get back from my failed login attempts.
If you're a smart attacker, you won't bruteforce credentials for admin site, you will bruteforce credentials for main site. This way you'd get much more credentials, if credentials for main site are good enough for you.
If credentials for main site aren't good enough and you need credentials for admin site then yes, you'd bruteforce admin site, but you won't in any way benefit from knowing that some credentials are ok for main site only.
-- arty ( http://arty.name ) -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
