Since you mention passwords specifically, I think this conversation is related to #16860. Throttling of passwords / adding captchas definitely falls under that ticket.
https://code.djangoproject.com/ticket/16860

We probably should include a more general rate limiting framework (or at the very least, better instructions for configuring this in common webservers). Unfortunately, how to do this well is a REALLY hard problem. There's django-axes as well as Simon Willison's ratelimitcache. Neither of them is perfectly ideal. The bigger problem is that ANY rate-limiting framework is going to need

At the moment, if your login field is not rate-limited, that is a configuration mistake which is between you and your webserver, and is not within the realm of what Django tries to do. We need to be careful not to re-implement functionality that is better left to other parts of the stack.

-Paul

On Thu, Sep 29, 2011 at 4:05 PM, Wim Feijen <[email protected]> wrote:

> Thanks guys for the support.
>
> For reference, there is a previous thread "Brute force attacks", here:
> http://groups.google.com/group/django-developers/browse_thread/thread/71877ef02fb7c054/0b44e048b5bf4b77
>
> Which does not mention captchas btw.
>
> Luke, I'll think about it, but it will take some time; thanks for the
> guidance.
>
> Wim
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/django-developers?hl=en.
