On 7.3.2011 at 22:09, Eric Hutchinson wrote:
I would just like to point out that a lot of my users are all behind
various NATs, so my webapp typically sees only a few IPs that have
valid users on them, and I have users whom I have to remind of their
password on a daily basis. It could lead to a couple of dozen people
being throttled for one person who doesn't know their caps key being
lit up green is why their password isn't working.

I'm not saying this is a situation the default should take care of,
but something to keep in mind when designing any backend classes, so
that just the bit that determines the cache key or whatever should be
overridable.

I believe that a block against the combo IP+Username takes care of this problem. It is enough to block most of the non-distributed attacks (unless the attacker is brute-forcing thousands of usernames), and it would provide significant resistance against distributed attacks as well.

--
Best Regards,
Emil Filipov
Cyber Security Consulting Ltd.
http://csc.bg
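The throttle design discussed above, as an added example that is neither Django's code nor anything posted in this thread: a small in-memory login throttle whose cache key is produced by a single overridable function, defaulting to the IP+username combination. A plain dict stands in for a cache backend, and the addresses and usernames (203.0.113.7, alice, bob) are constructed for the demonstration.

```python
"""
Failed-login throttle keyed on (IP, username).

Added example for the django-developers thread above; not Django code and not
written by anyone in the thread. The dict below is a stand-in for a cache
backend; the only piece a deployment is expected to swap is `key_func`.
"""
import time
from collections import defaultdict


class LoginThrottle:
    """Counts failed logins per key inside a sliding window and blocks a key
    once it reaches `max_failures`. `key_func(ip, username)` decides what is
    throttled; override it to key on IP only, on username only, or on a
    proxy-supplied address."""

    def __init__(self, max_failures=5, window=300, key_func=None, clock=time.time):
        self.max_failures = max_failures
        self.window = window            # seconds a failure stays counted
        self.key_func = key_func or self.default_key
        self.clock = clock              # injectable for deterministic tests
        self._failures = defaultdict(list)  # key -> timestamps of failures

    @staticmethod
    def default_key(ip, username):
        # Combined key: one person mistyping behind a NAT does not lock out
        # the other users sharing that address.
        return f"{ip}|{username.strip().lower()}"

    def _prune(self, key, now):
        # Drop failures older than the window so a block expires on its own.
        cutoff = now - self.window
        self._failures[key] = [t for t in self._failures[key] if t > cutoff]

    def is_blocked(self, ip, username):
        key = self.key_func(ip, username)
        self._prune(key, self.clock())
        return len(self._failures[key]) >= self.max_failures

    def record_failure(self, ip, username):
        key = self.key_func(ip, username)
        now = self.clock()
        self._prune(key, now)
        self._failures[key].append(now)

    def record_success(self, ip, username):
        # A correct password clears the counter for that key only.
        self._failures.pop(self.key_func(ip, username), None)


def ip_only_key(ip, username):
    """Alternative key_func: throttle the whole address (the NAT problem)."""
    return ip


def simulate_shared_nat(key_func=None):
    """alice, behind NAT address 203.0.113.7, fails five logins; bob shares
    the same address. Returns (alice_blocked, bob_blocked)."""
    t = LoginThrottle(max_failures=5, window=300, key_func=key_func)
    for _ in range(5):
        t.record_failure("203.0.113.7", "alice")
    return (t.is_blocked("203.0.113.7", "alice"),
            t.is_blocked("203.0.113.7", "bob"))


def simulate_window_expiry(window=300):
    """Shows the block lifting once the window has passed, using a fake clock.
    Returns (blocked_right_away, blocked_after_window)."""
    fake_now = [1_000_000.0]
    t = LoginThrottle(max_failures=3, window=window, clock=lambda: fake_now[0])
    for _ in range(3):
        t.record_failure("203.0.113.7", "alice")
    before = t.is_blocked("203.0.113.7", "alice")
    fake_now[0] += window + 1
    return before, t.is_blocked("203.0.113.7", "alice")


if __name__ == "__main__":
    print("IP+username key:", simulate_shared_nat())              # (True, False)
    print("IP-only key:    ", simulate_shared_nat(ip_only_key))   # (True, True)
    print("expiry:         ", simulate_window_expiry())           # (True, False)
```

With the default key only alice's (address, username) pair is blocked and bob can still log in from the same NAT; swapping in `ip_only_key` reproduces the collateral lockout Eric describes. Keying on the pair still caps how many guesses a single source can make against any one account, which is the non-distributed case the reply is concerned with.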
