ecurity issue, and
have provided examples.
At this point, I'll absolutely never forget to check the is_staff flag
purely because I've been following this discussion. What I don't understand
is why there is such a huge opposition to the change.
--
Brian O'Connor
--
You receive
d have
> applied the same security measures in the first place. So yes, this
> most likely is not a security issue at all.
>
>
If your admin site is on a protected intranet, are we really trying to
protect against a brute force attack?
--
Brian O'Connor
--
You received this messag
e database, you allow the attacker to stop their attack short when they
find the a user with invalid permissions, and go to the next account.
This doesn't seem like enough benefit to justify having a confusing message
presented to legitimate users, at least in my opinion.
--
Brian O'C
' or something akin to that.
I'd like to see this fixed as well.
--
Brian O'Connor
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
>
> As an example of what I'm talking about -- #14262 is a manifestation
> of a use case that is undeniably simple: "get_function() as var". This
> pattern is used in several places in Django's own codebase.
To that end, I'm willing to be practical and concede that adding takes_context
> would
gt; probably not as easy for the crowds. The other is "easy-thumbnails".
>
> On Sep 16, 10:33 am, "Brian O'Connor" wrote:
> > I have absolutely no pull in decision making, but maybe my message will
> > count towards a "community voice".
> >
>
roups.com.
> > >> To unsubscribe from this group, send email to
> django-developers+unsubscr...@googlegroups.com
> .
> > >> For more options, visit this group athttp://
> groups.google.com/group/django-developers?hl=en.
>
> --
> You received this message because you a
bug.
> >
> > Yours,
> > Russ Magee %-)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To post to this group, send email to django-develop...@googlegroups.com.
> To unsubscribe from this
jango core, going about it with the tone of "how could this not
already be in the core" probably won't buy you much. Proposing potential
solutions and starting relevant, well articulated discussions on the topic
might get the ball rolling in that direction though.
Just my $0.02.
-