I'm not sure something like this should live inside Django proper. There is nothing to guarantee that a user model will have an email address even though the standard builtins do. I'd feel better about having this functionality provided by a library, maybe even by django-registration which we're considering taking under the django organisation on github anyway. Of course, requiring a library to provide this feature means most users won't use it. That'd be the major trade off.
Cheers On Monday, 16 November 2015 00:46:56 UTC+11, Daniele Procida wrote: > > I've been discussing with Florian on IRC a suggestion for improved account > security. > > On many sites, you will get a message a message like this: > > >Hello evildmp, > > > >We wanted to let you know that your GitHub password was changed. > > > >If you did not perform this action, you can recover access by entering > >dan...@vurt.org <javascript:> into the form at > https://github.com/password_reset. > > > >To see this and other security events for your account, visit https:// > >github.com/settings/security. > > > >If you run into problems, please contact support by visiting https:// > >github.com/contact or replying to this email. > > (In fact my gumtree.com account was compromised, and this mechanism is > how I learned about it, and was able to alert Gumtree and have a fraudulent > advertisment removed from my account within minutes). > > A similar thing would be valuable in Django, to help improve the security > of all Django accounts and sites. > > I am not sure how it could or should be implemented; Florian suggests as > part of a more general audit framework. > > On a related matter, my djangoproject.com account has an associated email > address (not the same one as at code.djangoproject.com) but I don't think > I am able to change that. > > Daniele > > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/2b7b8e77-0188-41d6-b518-3c31d56c865a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
