Friday, July 8, 2011

Re: throttling login attempts to avoid brute force attacks

On 07/08/2011 12:53 PM, Jacob Kaplan-Moss wrote:
> Hi folks --
>
> Also see http://simonwillison.net/2009/Jan/7/ratelimitcache/ for a
> discussion of a similar technique built on top of memcached.
>
> Jacob
>

Thanks for that link. There's some really good stuff in the comments.
I'm seriously considering adding a user-agent hash to this mix, to fix a
theoretical problem I've already imagined for my solution, namely
someone in my office locking our whole IP with potentially disastrous
effects on the rest of the company, requiring a supervisord restart to
wipe the in-memory database.

The solution itself is interesting, and powerful because it can be used
to decorate a view. However, as our app requires authentication for all
users, I'm not interested in any rate limiting per se -- just
anti-brute-force.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
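The keying scheme the reply above is weighing (a per-IP failure counter extended with a hash of the User-Agent, so that one colleague's lockout does not lock the whole office's shared IP), written out as an added example. This is not code from the post, from Django, or from the ratelimitcache snippet it links to. It assumes a memcached-style counter with expiry (the TtlCounter class is an in-memory stand-in so the example runs offline), made-up thresholds and window length, and constructed addresses and user-agent strings. It also adds a per-username counter, which the post does not mention: the User-Agent header is chosen by the client, so an attacker who rotates it gets a fresh per-client budget on every request, and only a counter on the targeted account catches that.

```python
import hashlib
import time

# Assumed limits for this example; the post names no specific values.
WINDOW_SECONDS = 300      # failures are counted within a 5-minute window
MAX_CLIENT_FAILURES = 5   # budget per (source IP, user-agent hash)
MAX_USER_FAILURES = 20    # budget per target username, whatever the source


class TtlCounter:
    """In-memory stand-in for a memcached-style counter with expiry.

    Exists only so the example runs offline; in production the same three
    calls would go to the cache backend. `clock` is injectable for tests.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self._data = {}  # key -> (count, expires_at)

    def incr(self, key, ttl):
        now = self._clock()
        count, expires_at = self._data.get(key, (0, now + ttl))
        if expires_at <= now:               # window lapsed: start a new one
            count, expires_at = 0, now + ttl
        count += 1
        self._data[key] = (count, expires_at)
        return count

    def get(self, key):
        now = self._clock()
        count, expires_at = self._data.get(key, (0, 0.0))
        return 0 if expires_at <= now else count

    def delete(self, key):
        self._data.pop(key, None)


def client_key(ip, user_agent):
    # Hash the header so arbitrary client-supplied bytes never land in the
    # cache key; 16 hex chars separate the browsers in one office just fine.
    ua_hash = hashlib.sha256(user_agent.encode("utf-8")).hexdigest()[:16]
    return f"login-fail:client:{ip}:{ua_hash}"


def user_key(username):
    return f"login-fail:user:{username.strip().lower()}"


def is_locked(store, ip, user_agent, username):
    """True if this client, or this target account, has used up its budget."""
    if store.get(client_key(ip, user_agent)) >= MAX_CLIENT_FAILURES:
        return True
    return store.get(user_key(username)) >= MAX_USER_FAILURES


def record_failure(store, ip, user_agent, username):
    """Count one failed login against both keys; returns the client count."""
    store.incr(user_key(username), WINDOW_SECONDS)
    return store.incr(client_key(ip, user_agent), WINDOW_SECONDS)


def record_success(store, ip, user_agent, username):
    """Reset both counters after a real login so a fat-fingered user recovers."""
    store.delete(client_key(ip, user_agent))
    store.delete(user_key(username))


def demo(clock_start=1_000.0):
    """Walk through the office scenario with constructed data."""
    t = [clock_start]
    store = TtlCounter(clock=lambda: t[0])
    office_ip = "203.0.113.10"                        # constructed (RFC 5737)
    ua_bob = "Mozilla/5.0 (X11; Linux x86_64) Firefox/5.0"
    ua_alice = "Mozilla/5.0 (Windows NT 6.1) Chrome/12.0"

    # Bob mistypes his password until his own client key is exhausted.
    for _ in range(MAX_CLIENT_FAILURES):
        record_failure(store, office_ip, ua_bob, "bob")
    bob_locked = is_locked(store, office_ip, ua_bob, "bob")
    # Alice shares the office IP but has a different browser, so a different key.
    alice_locked = is_locked(store, office_ip, ua_alice, "alice")

    t[0] += WINDOW_SECONDS + 1                        # let Bob's window lapse
    bob_after_window = is_locked(store, office_ip, ua_bob, "bob")

    # An attacker rotating the User-Agent never fills a client key, but the
    # per-username counter still trips once the account's budget is spent.
    for i in range(MAX_USER_FAILURES):
        record_failure(store, "198.51.100.7", f"rotating-ua-{i}", "alice")
    rotating_ua_blocked = is_locked(store, "198.51.100.7", "rotating-ua-999", "alice")

    return {
        "bob_locked": bob_locked,
        "alice_locked": alice_locked,
        "bob_after_window": bob_after_window,
        "rotating_ua_blocked": rotating_ua_blocked,
    }


if __name__ == "__main__":
    print(demo())
```

In a Django view the three helpers would sit around `authenticate()`: check `is_locked` before calling it, `record_failure` on `None`, `record_success` on a user object. Note that the fixed window means a locked client is released all at once when the first failure ages out; a sliding window costs one extra timestamp per key if that matters.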
