Hi all, I'm using django-registration to handle logins, registrations etc. It is very handy and easy to set up, but allows unlimited login attempts, and thus people can brute-force any django-application!
So far I've been using fail2ban to ban users that brute force passwords. I would be interested to hear how you handle this from within django! Are you aware of some patch/code or blog entry where I can find more information? (Obviously this affects all django projects, not only django-registration ) Best regards, Markos -- Under the paving stones, the beach --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
