[2] https://docs.djangoproject.com/en/1.4/topics/security/#id1
On Thursday, August 30, 2012 8:39:26 AM UTC-7, brian wrote:
I want a brute force protector for logins that will:
block based on username(eventually add ip)
store info about failed login to db(username, pwd, user-agent, etc)
When locked will tell user that they are locked out
I looked at the following apps:
http://code.google.com/p/
django-brutebuster/ In decorators.py the method returns None when locked so the user gets the "Please enter a correct username and password. Note that both fields are case-sensitive". I want the user to know the account is locked out.https://github.com/alexkuhl/
django-failedloginblocker In decorators.py the method raises an exception which means if debug=False the user will see a 500 error.http://code.google.com/p/
django-axes/ This doesn't include the user (has ip and user-agent). In decorators.py I'm not sure how to get the user name. Also I'm concerned about the approach of trying to log someone in and then logging them out if the account is locked. I like the approaches of #1 and #2 where they first check if the account is locked before trying to log them in.For #1 and #2 I looked into adding the error to the form and I found this post Django - Error Message in Custom Auth Backend that says overwrite django.contrib.auth.forms.
AuthenticationForm but I'm not sure how to incorporate the new form in the apps. Does anyone have suggestions about writing a brute force protector that will do the things I want?
I posted this on stackoverflow but didn't get a response.
Brian
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/UxXiAVZKxe0J.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
No comments:
Post a Comment