Hi guys,
We've received a report from hackerone.com that our password change and
login forms are not protected against brute forcing passwords. Since we
re-use both the built-in password change and login form views from
Django it feels like rate limiting for these views should work out of
the box.
Using third-party extensions for this is certainly an option but I
already have trouble to upgrade to newer versions with my existing 7
django extensions and it feels like this feature should be implemented
for every Django installation that uses contrib.auth.
What are your thoughts on this?
regards
Bernhard Posselt
--
You received this message because you are subscribed to the Google Groups "Django
developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/7f879db4-1ac7-734d-28d9-952376852db8%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
