Hi all, I wanted to revisit a key security discussion. Brute force attacks are the 7th most prevalent attack by number of incidents in the Web Hacking Incidents Database (http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database), which tracks publicly disclosed breaches in web applications. This is ultimately because many applications do not have provisions to prevent brute-forcing. Django's out-of-the-box admin-site authentication is very awesome – so awesome, in fact, that inevitably people have and will continue to use it for more than just administrative users. Clearly Django takes authentication seriously. Can we revisit the idea of protecting against brute force authentication out of the box? (http://groups.google.com/group/django-developers/browse_thread/thread/7559145e8c85d8c/b96c9a81e97f333b?lnk=gst&q=account+lockout#b96c9a81e97f333b). In particular, the idea of using throttling such as http://github.com/simonw/ratelimitcache/ or http://code.google.com/p/django-brutebuster/. Would you be willing to discuss further?
My development team is willing to contribute whatever is needed to get this done if you think it's fruitful.

--
You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
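To make the throttling proposal above concrete, here is an added example of a windowed login-attempt throttle of the kind ratelimitcache and django-brutebuster provide. It is not code from this thread, from Django, or from either of those projects. The `MemoryCache` class is an assumed stand-in with the same `get`/`set`/`delete`/`incr` shape as a Django cache backend so the module runs without Django installed; the key prefixes, limits (5 failures per account, 20 per source IP, 300-second window) and the credential store are assumptions chosen for illustration.

```python
"""Windowed login-attempt throttle keyed on both account and source IP.

Added example, not code from the django-developers thread, Django,
ratelimitcache or django-brutebuster. MemoryCache stands in for a Django
cache backend so the example runs stand-alone; limits, key names and the
constructed credential store are assumptions for illustration only.
"""
import hashlib
import hmac
import time


class MemoryCache:
    """Minimal in-process cache with per-key expiry (assumed stand-in for
    django.core.cache; an injectable clock keeps the example deterministic)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._store = {}  # key -> (value, expires_at)

    def get(self, key, default=None):
        item = self._store.get(key)
        if item is None or item[1] <= self._clock():
            self._store.pop(key, None)
            return default
        return item[0]

    def set(self, key, value, timeout):
        self._store[key] = (value, self._clock() + timeout)

    def delete(self, key):
        self._store.pop(key, None)

    def incr(self, key, timeout):
        """Increment a counter, creating it with a fresh expiry if absent or
        expired. The window starts at the first failure and is not extended by
        later ones, so at most `limit` attempts are accepted per window."""
        item = self._store.get(key)
        if item is None or item[1] <= self._clock():
            self._store[key] = (1, self._clock() + timeout)
            return 1
        self._store[key] = (item[0] + 1, item[1])
        return item[0] + 1


class LoginThrottle:
    """Counts failed logins per account and per source IP and refuses further
    attempts once either counter reaches its limit within the window."""

    def __init__(self, cache, user_limit=5, ip_limit=20, window=300):
        self.cache = cache
        self.user_limit = user_limit
        self.ip_limit = ip_limit
        self.window = window

    @staticmethod
    def _user_key(username):
        # Hash the normalised username so attacker-controlled input never
        # becomes a raw cache key (and "Alice" and "alice " share a counter).
        digest = hashlib.sha256(username.strip().lower().encode()).hexdigest()
        return "auth:fail:user:" + digest[:32]

    @staticmethod
    def _ip_key(ip):
        return "auth:fail:ip:" + ip

    def is_blocked(self, username, ip):
        return (self.cache.get(self._user_key(username), 0) >= self.user_limit
                or self.cache.get(self._ip_key(ip), 0) >= self.ip_limit)

    def record_failure(self, username, ip):
        self.cache.incr(self._user_key(username), self.window)
        self.cache.incr(self._ip_key(ip), self.window)

    def record_success(self, username):
        # Clear the per-account counter only; the IP counter is kept so a
        # password sprayer who guesses one account stays throttled.
        self.cache.delete(self._user_key(username))


def _h(password):
    # Constructed credential store uses a plain SHA-256 for brevity; a real
    # deployment stores a salted, slow hash (PBKDF2, bcrypt, argon2).
    return hashlib.sha256(password.encode()).hexdigest()


USERS = {"alice": _h("correct horse battery staple"), "bob": _h("hunter2")}


def attempt_login(throttle, username, password, ip, users=USERS):
    """Returns 'throttled', 'ok' or 'invalid'. The throttle check runs before
    the password check so a throttled attacker learns nothing about the
    password; unknown users are compared against a dummy hash so the timing
    does not reveal whether the account exists."""
    if throttle.is_blocked(username, ip):
        return "throttled"
    stored = users.get(username, _h("dummy-password-for-unknown-user"))
    if username in users and hmac.compare_digest(stored, _h(password)):
        throttle.record_success(username)
        return "ok"
    throttle.record_failure(username, ip)
    return "invalid"


def simulate(attempts, user_limit=5, ip_limit=20, window=300):
    """Replay constructed attempts (username, password, ip, seconds) against a
    fresh throttle with a fake clock and return the list of outcomes."""
    now = [0.0]
    cache = MemoryCache(clock=lambda: now[0])
    throttle = LoginThrottle(cache, user_limit, ip_limit, window)
    results = []
    for username, password, ip, t in attempts:
        now[0] = t
        results.append(attempt_login(throttle, username, password, ip))
    return results


if __name__ == "__main__":
    # Constructed scenario: five bad guesses at alice, then the right password
    # is refused until the 300-second window has passed.
    scenario = [("alice", "guess%d" % i, "203.0.113.7", float(i)) for i in range(5)]
    scenario.append(("alice", "correct horse battery staple", "203.0.113.7", 6.0))
    scenario.append(("alice", "correct horse battery staple", "203.0.113.7", 400.0))
    for (u, _, ip, t), r in zip(scenario, simulate(scenario)):
        print("t=%5.0fs %-6s from %s -> %s" % (t, u, ip, r))
```

Two design points worth noting. A counter keyed on the account alone is itself a denial-of-service lever (anyone can lock out any username), which is why the throttle is a short window rather than a permanent lockout and why a second counter is kept per source IP to catch password spraying across many accounts. In a Django deployment this logic would sit in front of the login view, taking the client address from `request.META['REMOTE_ADDR']`; if the application runs behind a proxy, the address must come from a header the proxy is trusted to set, since a client-supplied `X-Forwarded-For` lets an attacker pick a fresh IP bucket per request.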