#32349: unable to obtain auth template password_reset_done when using namespaced
urls
---------------------------------+---------------------------------------
Reporter: James Miller | Owner: jhabarsingh
Type: Bug | Status: assigned
Component: Template system | Version: 3.1
Severity: Normal | Resolution:
Keywords: password_reset | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+---------------------------------------
Comment (by James Miller):
I can confirm that removing any namespace leaves the django.contrib.auth
views etc working.
This should be a security concern, as it means that most django sites, if
not all, will not have namespaced auth interaction. With individual per
app namespaces, the chances of succesful hacking are reduced, as the
hacker has to know the namespace name to be able to know the path to auth.
--
Ticket URL: <https://code.djangoproject.com/ticket/32349#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/074.cdadf80111b2b61a3a186419af3b8baa%40djangoproject.com.
