#20495: add login failure events to django.security logger
--------------------------------------+------------------------------------
Reporter: ptone | Owner: nobody
Type: Cleanup/optimization | Status: closed
Component: contrib.auth | Version: master
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by timgraham):
Monitoring logging and manually handling brute force login attempts
doesn't seem like a common (or scalable) solution.
As I mentioned in a previous comment, the `user_login_failed` signal
allows a developer to implement whatever logic, logging or otherwise, that
they like. For your use case of logging the IP addresss, etc., one problem
is that the `HttpRequest` isn't available in the signal, however, that
should be possible to add as discussed in #23155.
If you find consensus on the DevelopersMailingList to add some default
logging, we can reopen the ticket.
--
Ticket URL: <https://code.djangoproject.com/ticket/20495#comment:19>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/063.8ee3c00958b99bb8591665cee0d1cb18%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
