On Thu, Dec 17, 2009 at 2:30 PM, Tom <[email protected]> wrote: > Hello Everyone, > > I noticed that Django's contrib.auth doesn't provide a mechanism for > detecting a password brute force attack. This is necessary for a > couple projects I'm working so I have to implement some kind of > solution and would really like to do it in such a way that it could > get contributed back to the community. I'd like to propose possible > two variants to the way that system works and would appreciate > feedback.
Have you taken a look at Simon's work on the subject? http://github.com/simonw/ratelimitcache/ I'm using it with much success on some of my projects. It's definitely worth considering before doing a lot of extra work in another direction. hth, Paul -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
