Hi,
There exists ticket already in Trac:
https://code.djangoproject.com/ticket/21289
On 15.11.2017 13.07, Bernhard Posselt wrote:
Hi guys,
We've received a report from hackerone.com that our password change
and login forms are not protected against brute forcing passwords.
Since we re-use both the built-in password change and login form views
from Django it feels like rate limiting for these views should work
out of the box.
Using third-party extensions for this is certainly an option but I
already have trouble to upgrade to newer versions with my existing 7
django extensions and it feels like this feature should be implemented
for every Django installation that uses contrib.auth.
What are your thoughts on this?
regards
Bernhard Posselt
--
Jani Tiainen
--
You received this message because you are subscribed to the Google Groups "Django
developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/ea82dbf2-c098-6f75-9d89-56739aa4a5ce%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
