Once newforms-admin hits you will be able to change that if you want(without hacking on the django source).
On Apr 13, 11:08 pm, meppum <[EMAIL PROTECTED]> wrote: > I simply meant that after a few failed password attempts the user is > not presented with a CAPTCHA or something. I'll keep all this in mind. > > On Apr 13, 11:54 pm, Malcolm Tredinnick <[EMAIL PROTECTED]> > wrote: > > > On Sun, 2008-04-13 at 20:36 -0700, meppum wrote: > > > I noticed that most django sites including djangoproject.com and even > > > curse.com allow their admin sites to be accessed through the web. This > > > seems like a bit of a security concern as someone could create a bot > > > to attempt to collect passwords. > > > > Is this common practice or am I wrong about the admin sites ability to > > > be cracked with brute force? > > > Django's admin is no more or less susceptible to brute force password > > cracking than any other site requiring a login. It's a function of good > > password choice, not whether something is visible via the web. > > > Malcolm > > > -- > > Why be difficult when, with a little bit of effort, you could be > > impossible.http://www.pointy-stick.com/blog/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
