On 15/11/2017 12:07, Bernhard Posselt wrote:
> Hi guys,
> We've received a report from hackerone.com that our password change and login
> forms are not protected against brute forcing passwords. Since we re-use both
> the built-in password change and login form views from Django it feels like rate
> limiting for these views should work out of the box.
> Using third-party extensions for this is certainly an option but I already have
> trouble upgrading to newer versions with my existing 7 Django extensions and it
> feels like this feature should be implemented for every Django installation that
> uses contrib.auth.
> What are your thoughts on this?

Is there anything wrong with doing rate limiting on the HTTP proxy? There is a
good chance it's already implemented there.
--
Riccardo Magliocchetti
@rmistaken
http://menodizero.it