id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
26464	"Add a link to the OWASP Top 10 in ""Security in Django"" doc"	James	nobody	"Using incremental URLs (i.e. /comment/1 is the first comment and /comment/2 is the second comment, respectively for base 64 or other counting systems) is highly dangerous for private information. You could simply get all of the, say, private comments by accessing all comments sequentially and picking out the ones that are private. This can apply to confidential files (link sharing), personal information and more.

There should be a section in the ""Security in Django"" doc about this."	New feature	closed	Documentation	1.9	Normal	fixed			Ready for checkin	1	0	0	0	0	0
