id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 16837,updated error message when logging in into the admin fails because is_staff is False,Wim Feijen ,Wim Feijen,"When a user tries to login on the admin, with correct username & password, but is_staff is set to False, the error message is misleadingly wrong: ""Please enter a correct username and password. Note that both fields are case-sensitive."" After discussion on django-developers: http://groups.google.com/group/django-developers/browse_thread/thread/c070dcd878a75a2b a solution was proposed to have a general message in all cases, so potential attackers cannot distinguish between the case where username&password are right and is_staff = False versus the case where username&password don't fit. The message is: ""Username and password incorrect or access to this page is restricted"". as proposed by Adam Jenkins, with an added ""is"". Although the global variable ERROR_MESSAGE does not seem to be used anywhere else in django, I'll keep it as it is for now. Gentlemen and ladies, now we need translations. Wim",Bug,closed,contrib.admin,1.3,Normal,fixed,,,Ready for checkin,1,0,0,0,1,0