#16837: when logging in into the admin
--------------------------------+-------------------------------
 Reporter:  Wim Feijen <wim@…>  |          Owner:  nobody
     Type:  Bug                 |         Status:  new
Milestone:                      |      Component:  contrib.admin
  Version:  1.3                 |       Severity:  Normal
 Keywords:                      |   Triage Stage:  Unreviewed
Has patch:  0                   |  Easy pickings:  1
    UI/UX:  0                   |
--------------------------------+-------------------------------

When a user tries to login on the admin, with correct username & password, but is_staff is set to False, the error message is misleadingly wrong:
"Please enter a correct username and password. Note that both fields are case-sensitive."

After discussion on django-developers:
http://groups.google.com/group/django-developers/browse_thread/thread/c070dcd878a75a2b
a solution was proposed to have a general message in all cases, so potential attackers cannot distinguish between the case where username&password are right and is_staff = False versus the case where username&password don't fit.

The message is:
"Username and password incorrect or access to this page is restricted".
as proposed by Adam Jenkins, with an added "is".

Although the global variable ERROR_MESSAGE does not seem to be used anywhere else in django, I'll keep it as it is for now.

Gentlemen and ladies, now we need translations.

Wim

--
Ticket URL: <https://code.djangoproject.com/ticket/16837>
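
The uniform-message rule discussed in this ticket, as an added example that is not part of the original message and is not Django's own code: a stand-alone login check plus a regression helper that reports whether an outside observer can tell "wrong password" from "right password, is_staff = False". The user store, the function names and the wording of the two messages in the rejected variant are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Message proposed in the ticket, returned for every failed admin login.
ERROR_MESSAGE = ("Username and password incorrect or access to this page "
                 "is restricted")

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def make_user(password, is_staff):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "is_staff": is_staff}

# Constructed sample accounts (hypothetical, not real data).
USERS = {
    "alice": make_user("correct-horse", is_staff=True),
    "bob": make_user("battery-staple", is_staff=False),
}

def authenticate(username, password):
    """Return the user record if the credentials match, else None."""
    user = USERS.get(username)
    if user is None:
        return None
    ok = hmac.compare_digest(user["hash"], _hash(password, user["salt"]))
    return user if ok else None

def admin_login_error(username, password):
    """Uniform variant: None on success, ERROR_MESSAGE on any failure."""
    user = authenticate(username, password)
    if user is None or not user["is_staff"]:
        return ERROR_MESSAGE
    return None

def admin_login_error_distinct(username, password):
    """Rejected variant (hypothetical wording): a separate non-staff
    message confirms to the caller that the password was correct."""
    user = authenticate(username, password)
    if user is None:
        return "Username and password incorrect"
    if not user["is_staff"]:
        return "Access to this page is restricted"
    return None

def failure_cases_distinguishable(check):
    """True if the two failure cases from the ticket yield different output."""
    wrong_password = check("bob", "not-the-password")
    valid_but_non_staff = check("bob", "battery-staple")
    return wrong_password != valid_but_non_staff
```

A check like `failure_cases_distinguishable` is worth keeping in the test suite so that a later wording change for one branch does not reintroduce the difference; it compares message text only, so status codes and redirects need the same comparison.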