#10772: Password Reset exposes non-trivial security vulnerability
-------------------------------------+--------------------------------------
          Reporter:  fergusferrier   |         Owner:  nobody              
            Status:  closed          |     Milestone:                      
         Component:  Authentication  |       Version:  1.0                 
        Resolution:  invalid         |      Keywords:  password reset token
             Stage:  Unreviewed      |     Has_patch:  0                   
        Needs_docs:  0               |   Needs_tests:  0                   
Needs_better_patch:  0               |  
-------------------------------------+--------------------------------------
Changes (by jacob):

  * status:  new => closed
  * needs_better_patch:  => 0
  * resolution:  => invalid
  * needs_tests:  => 0
  * needs_docs:  => 0

Comment:

 Yeah. If an attacker has read access to your settings.py and your users
 table you've got a lot more to worry about than them changing your users'
 passwords.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/10772#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.