5 comments

[ 2.5 ms ] story [ 7.6 ms ] thread
fail2ban is good for this as well
That is an issue. But a more significant issue is Django's vulnerability to timing attacks.
Doesn't using bcrypt help with that, or do you mean something else?
I'm not aware of any timing attacks against Django.

If there are attacks that we should be aware of please be a good open source citizen and report them to `security@djangoproject.com`. We take security reports very seriously, and want very much to fix any issues that're disclosed!

[edit to clarify: I'm one of the lead developers of Django, and one of the members of the security team that gets emails sent to the `security@` alias.]