> > > It shouldn't happen, but it could. It's an office or it's a warehouse, > > people could work with the same user and/or (above all) people may > > work on the same machine...so they should pay attention on what they > > do...but even no. > > > Just an example when the problem can occurs: > > The djangoapp has more users, some of these have privileges to access > > the django-admin to change some user permissions > > > With just one opened browser window the user U1 (not superuser/staff) > > is logged on, then going on the django-admin (in a new window because > > the link opened there, or jsut the user opened a new window by himself > > or whatever) a login is required. Logging on with a different user, > > the first window still seems (especially when the whole application is > > ajax based) to use the U1 user and something of not expected (to the > > user) may occurs. > > > I understand it's normal, the end-user may not. > > In which case the solution is to instruct them not to share logins, > which they would have to do to experience those problems. > > I agree it can be a pain when they do that, but if they are so > unsophisticated that they let two different users interact with the > system through a single login account they must expect trouble with > authenticated systems. > > As is so often the case, education is the answer. And, as is so often > the case, the users would rather sacrifice security for convenience > (then make it the system designer's fault when they realize they can't > have both). > > regards > Steve > > -- > DjangoCon US 2010 September 7-9http://djangocon.us/
100% agree! If it were for me the thing would have already been stopped here! :D -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
