On Sun, 2008-04-13 at 20:36 -0700, meppum wrote: > I noticed that most django sites including djangoproject.com and even > curse.com allow their admin sites to be accessed through the web. This > seems like a bit of a security concern as someone could create a bot > to attempt to collect passwords. > > Is this common practice or am I wrong about the admin sites ability to > be cracked with brute force?
Django's admin is no more or less susceptible to brute force password cracking than any other site requiring a login. It's a function of good password choice, not whether something is visible via the web. Malcolm -- Why be difficult when, with a little bit of effort, you could be impossible. http://www.pointy-stick.com/blog/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
