| Age | Commit message (Collapse) | Author |
|
sending fails.
On successful submission of a password reset request, an email is sent
to the accounts known to the system. If sending this email fails (due to
email backend misconfiguration, service provider outage, network issues,
etc.), an attacker might exploit this by detecting which password reset
requests succeed and which ones generate a 500 error response.
Thanks to Thibaut Spriet for the report, and to Mariusz Felisiak, Adam
Johnson, and Sarah Boyce for the reviews.
|
|
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Co-authored-by: duranbe <benoit.durand.mail@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
This also removes remaining versionadded/changed annotations for older
versions.
|
|
context value.
|
|
|
|
|
|
Thanks to Petter Strandmark for the original idea and Mariusz Felisiak
for advice during the DjangoConUS 2022 Sprint!
|
|
|
|
appropriate.
|
|
Moved how-to material from topic document into a new document, and
added new material. Introduced minor improvements to logging
reference document.
|
|
This is useful when working with database routing as you want to know
where each query is being executed.
Co-authored-by: David Winterbottom <david.winterbottom@gmail.com>
|
|
Completed a first step in moving reference and how-to material out of
the topic document.
|