Document limitations of django.contrib.auth
django.contrib.auth aims to be very generic and doesn't provide some features commonly found in web authentication systems:
- password strength checking: requirements depend very much on the context.
- throttling of login attempts: possible with a custom auth backend, for example https://github.com/brutasse/django-ratelimit-backend (I haven't audited that code)
- external auth providers: possible with a custom auth backend; there are several third-party apps providing this feature.
The documentation should point out that these features aren't implemented to raise awareness.
Change History (6)
Has patch: set
Triage Stage: Unreviewed → Accepted
Triage Stage: Accepted → Ready for checkin
Resolution: → fixed
Status: new → closed
Typo: "implmented". Otherwise that looks good!