On 07/08/2011 12:53 PM, Jacob Kaplan-Moss wrote:
Hi folks --
Also see http://simonwillison.net/2009/Jan/7/ratelimitcache/ for a
discussion of a similar technique built on top of memcached.
Jacob
Thanks for that link. There's some really good stuff in the comments.
I'm seriously considering adding a user-agent hash to this mix, to fix a
theoretical problem I've already imagined for my solution, namely
someone in my office locking our whole IP with potentially disastrous
effects to the rest of the company, requiring a supervisord restart to
wipe the in-memory database.
The solution itself is interesting, and powerful because it can be used
to decorate a view. However, as our app requires authentication for all
users, I'm not interested in any rate limiting per se -- just
anti-brute-force.
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
