id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
7849	Admin site should authenticate before 404ing, to prevent detection of valid pages	anonymous	nobody	"This is a very trivial issue so feel free to ignore it, but:

It's possible to scope out the admin site structure by testing if a uri returns a login page or 404.

Would it be better to authenticate all requests, even if they result in a 404?

I suppose you'd just need to add a ""match all"" rule in the urls file and then return a 404 after authentication."		closed	contrib.admin	dev		fixed			Accepted	0	0	0	0	0	0