是否需要添加reCaptcha以构建Django的登录表单? [英] Is it needed to add reCaptcha to built in Django's login form?
问题描述
您好我是Django的新手,我使用Django内置的表单登录我的用户,同时我也有一个联系表单,我正在使用Google reCaptcha避免攻击。
我想知道是否需要将reCaptcha添加到我的登录表单中。我听说Django关心大部分安全性,如果默认登录表单已准备好进行暴力攻击,我不想重复代码。
如果它更好将reCaptcha添加到默认登录表单中如何处理验证?在我的联系表单中,我调用Google的API来验证用户在我的视图中单击,但我觉得在auth_views.LoginView类中添加该代码并不舒服。
谢谢!
Django不会考虑任何限制其形式的操作,包括登录。
我认为在您的登录表单中包含某种限速安全措施是一个好主意。除非在一段时间内有多次不正确的尝试,否则重新验证码可能会过度杀伤。
查看 Django rate-limit 项目,可以轻松实现替代captcha。
为了将reCaptcha添加到登录视图中,而不是修改 auth_views.LoginView 类,只需创建一个扩展该类的新视图。您可以添加您的recaptcha表单验证,就像在您的联系表单中一样。
然后,您可以更新您的网址以指向您的自定义视图和模板:
url(r'^ login / $',custom_auth_views.recaptcha_login,{'template_name':'core / recaptcha_login.html'},name ='login '),
请参阅这篇文章介绍如何扩展登录视图/模板。 b $ b
Hello I'm new to Django and I'm using Django's built in forms to login my users, also I have a contact form where I'm using Google reCaptcha to avoid attacks.
I was wondering if it is needed to add reCaptcha to my login form. I have heard Django takes care most of security and I don't want to repeat code if default login form is already prepared for brute force attacks.
In case its better to add reCaptcha to default login form how can I process the validation? In my contact form I call Google's API to verify user click within my views, but I don't feel comfortable adding that code inside the auth_views.LoginView class.
Thanks!
Django does not take care of any rate-limiting with its forms, including login.
I think that it is a good idea to include some sort of rate-limiting security measure to your login form. re-Captcha might be overkill as a default, unless there are several incorrect attempts within a timeframe.
Take a look at the Django rate-limit project for an easy to implement alternative to captcha.
In order to add reCaptcha to the login view, rather than modifying the auth_views.LoginView class, just create a new view that extends that class. You can add your recaptcha form validation just like in your contact form.
Then you can update your url to point to your custom view and template:
url(r'^login/$', custom_auth_views.recaptcha_login, {'template_name': 'core/recaptcha_login.html'}, name='login'),
See this post on how to extend the login views / templates.
这篇关于是否需要添加reCaptcha以构建Django的登录表单?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
