Document limitations of django.contrib.auth
|Reported by:||aaugustin||Owned by:||nobody|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
django.contrib.auth aims to be very generic and doesn't provide some features commonly found in web authentication systems:
- password strength checking: requirements depend very much on the context.
- throttling of login attempts: possible with a custom auth backend, for example https://github.com/brutasse/django-ratelimit-backend (I haven't audited that code)
- external auth providers: possible with a custom auth backend, there are several third-party apps providing this feature.
The documentation should point out that these features aren't implemented to raise awareness.
Change History (6)
Changed 2 years ago by timo
comment:1 Changed 2 years ago by timo
- Has patch set
- Triage Stage changed from Unreviewed to Accepted
comment:3 Changed 2 years ago by Tim Graham <timograham@…>
- Resolution set to fixed
- Status changed from new to closed