#15619: Logout link should be a form
------------------------------------------------+----------------------
Reporter: void | Owner: nobody
Status: closed | Milestone:
Component: django.contrib.admin | Version: SVN
Resolution: wontfix | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 |
------------------------------------------------+----------------------
Comment (by lukeplant):
The point Russell was making was that 'SHOULD NOT' is not the same as
'MUST NOT'. In practice, while being logged out by a 3rd party might be a
nuisance, in general the attackers will gain extremely little except ill-
will, and therefore there is little motivation to exploit this, and fairly
trivial consequences if they do.
--
Ticket URL: <http://code.djangoproject.com/ticket/15619#comment:3>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
