To reiterate, you would get this message iff you have the correct
credentials for an end user who is not an admin user. You seem to be
referring to Response Information Discrepancy Information Exposure
(http://cwe.mitre.org/data/definitions/204.html) which is generally
about differentiating between incorrect username versus incorrect
password. The security benefit here is negligible since the only
scenario it protects against is when an attacker who can access the
admin interface is either unaware or unwilling to try the same attack
on the end user interface.

On Mar 14, 11:09 am, Juan Pablo Martínez <jpm...@gmail.com> wrote:
> I don't think so.
> If I don't know the username and password I
> can also try username and password and wait for the system
> to send another different error message. Then I get valid credentials.
>
> 2011/3/14 artemy tregubenko <m...@arty.name>
>
> > is visible only

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.