On Mar 30, 2:37 am, "James Bennett" <[EMAIL PROTECTED]> wrote:

> I guess I'm not sure what's meant by "securing" here; accessing
> anything in the admin app requires the user to be authenticated and
> marked as staff first. And there's really no harm in someone stumbling
> across the admin login page, so I'm not sure what the point of hiding
> it would be other than to try to layer obscurity where it's not really
> needed (and if you wanted to do that you should just make all your URL
> patterns end in '.aspx' or something... ;)).

My reasoning was that a script kiddie familiar with Django would know
that there is usually an admin site at /admin/ and could try a
brute-force attack against it; if nothing else, this could cripple webserver
performance.
It is just 'security through obscurity', agreed; but it takes only a
second to implement :-)


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---