#20495: add login failure events to django.security logger --------------------------------------+------------------------------------ Reporter: ptone | Owner: nobody Type: Cleanup/optimization | Status: closed Component: contrib.auth | Version: master Severity: Normal | Resolution: wontfix Keywords: | Triage Stage: Accepted Has patch: 1 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 --------------------------------------+------------------------------------
Comment (by timgraham): Monitoring logging and manually handling brute force login attempts doesn't seem like a common (or scalable) solution. As I mentioned in a previous comment, the `user_login_failed` signal allows a developer to implement whatever logic, logging or otherwise, that they like. For your use case of logging the IP addresss, etc., one problem is that the `HttpRequest` isn't available in the signal, however, that should be possible to add as discussed in #23155. If you find consensus on the DevelopersMailingList to add some default logging, we can reopen the ticket. -- Ticket URL: <https://code.djangoproject.com/ticket/20495#comment:19> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/063.8ee3c00958b99bb8591665cee0d1cb18%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.