Like with any brute force protection, it depends how paranoid you want it to be. You'd generate a hash of specific request parameters (such as session id, user agent, etc etc). All you'd need to do is add a new field next to ip called requesthash, then use unique_together on those two fields On 9 Jul 2011 13:47, "Kenneth Gonsalves" <[email protected]> wrote: > On Fri, 2011-07-08 at 12:03 -0400, Shawn Milochik wrote: >> I'm using IP instead of user because this prevents an attacker >> from >> inconveniencing a legit user or getting a "fresh start" just by >> guessing >> a different username. >> >> > > and what happens when you have a 100 users from the same LAN who all > have the same IP? > -- > regards > KG > http://lawgon.livejournal.com > Coimbatore LUG rox > http://ilugcbe.techstud.org/ > > -- > You received this message because you are subscribed to the Google Groups "Django users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to [email protected]. > For more options, visit this group at http://groups.google.com/group/django-users?hl=en. >
-- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
