id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 16837 updated error message when logging in into the admin fails because is_staff is False Wim Feijen Wim Feijen "When a user tries to login on the admin, with correct username & password, but is_staff is set to False, the error message is misleadingly wrong: ""Please enter a correct username and password. Note that both fields are case-sensitive."" After discussion on django-developers: http://groups.google.com/group/django-developers/browse_thread/thread/c070dcd878a75a2b a solution was proposed to have a general message in all cases, so potential attackers cannot distinguish between the case where username&password are right and is_staff = False versus the case where username&password don't fit. The message is: ""Username and password incorrect or access to this page is restricted"". as proposed by Adam Jenkins, with an added ""is"". Although the global variable ERROR_MESSAGE does not seem to be used anywhere else in django, I'll keep it as it is for now. Gentlemen and ladies, now we need translations. Wim" Bug closed contrib.admin 1.3 Normal fixed Ready for checkin 1 0 0 0 1 0