On Nov 7, 2007 7:08 PM, James Bennett <[EMAIL PROTECTED]> wrote: > Which means that this basically boils down to an annoyance attack, > changing a user's password without their knowledge. But that's already > exposed to anyone who can guess the user's email address, so anyone > who simply wants to cause this sort of mischief already has a much > easier route to accomplish it.
Sent too soon; I was going to explain that this comes up in the password reset view, which simply accepts an email address and resets the account(s) associated with it. -- "Bureaucrat Conrad, you are technically correct -- the best kind of correct." --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---