#16837: when logging in into the admin
--------------------------------+-------------------------------
 Reporter:  Wim Feijen <wim@…>  |          Owner:  nobody
     Type:  Bug                 |         Status:  new
Milestone:                      |      Component:  contrib.admin
  Version:  1.3                 |       Severity:  Normal
 Keywords:                      |   Triage Stage:  Unreviewed
Has patch:  0                   |  Easy pickings:  1
    UI/UX:  0                   |
--------------------------------+-------------------------------
 When a user tries to log in on the admin, with correct username &
 password, but is_staff is set to False, the error message is
 misleadingly wrong:
 "Please enter a correct username and password. Note that both fields
 are case-sensitive."

 After discussion on django-developers:
 http://groups.google.com/group/django-developers/browse_thread/thread/c070dcd878a75a2b

 a solution was proposed to have a general message in all cases, so
 potential attackers cannot distinguish between the case where
 username & password are right and is_staff = False versus the case where
 username & password don't fit.

 The message is:

 "Username and password incorrect or access to this page is restricted".

 as proposed by Adam Jenkins, with an added "is".

 Although the global variable ERROR_MESSAGE does not seem to be used
 anywhere else in Django, I'll keep it as it is for now.

 Gentlemen and ladies, now we need translations.

 Wim

-- 
Ticket URL: <https://code.djangoproject.com/ticket/16837>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
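
The behaviour proposed in the ticket, as an added example that is not part of the original ticket and is not Django's own code: every failed admin login returns the same client-facing message, while the specific reason stays on the server side. The user store, `admin_login`, `client_view` and the reason strings are hypothetical names; only `ERROR_MESSAGE` and its text come from the ticket.

```python
import hashlib
import hmac

# The single message proposed in the ticket, shown for every failed attempt.
ERROR_MESSAGE = ("Username and password incorrect or access to this page "
                 "is restricted")


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed sample accounts (hypothetical; not Django's user model).
USERS = {
    "alice": {"salt": b"s1", "pw": _hash("correct horse", b"s1"), "is_staff": True},
    "bob": {"salt": b"s2", "pw": _hash("battery staple", b"s2"), "is_staff": False},
}


def admin_login(username, password):
    """Return (ok, message_for_client, reason_for_server_log)."""
    user = USERS.get(username)
    if user is None:
        reason = "unknown_user"
    elif not hmac.compare_digest(user["pw"], _hash(password, user["salt"])):
        reason = "bad_password"
    elif not user["is_staff"]:
        reason = "not_staff"
    else:
        return True, "", "ok"
    # All failure paths share one client-facing message; only the
    # server-side reason differs.
    return False, ERROR_MESSAGE, reason


def client_view(username, password):
    """What the person at the login form can observe."""
    ok, message, _reason = admin_login(username, password)
    return ok, message
```
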