Comments (4)
I have a similar issue but instead of "blank values" being the issue, it's the more general "invalid values". Right now, if someone posts a form with invalid data, the server returns errors and then the user has a chance to post again ... but since it's ratelimited they fix the values and then it fails.
I have a bug to rewrite the code for the view, but I haven't figured out how to use the is_ratelimited helper in a way that lets me check to see if it's already rate limited (no side-effects) and if not, then does the view code and at the end of everything updates the rate limiting counters.
I don't think an arg for the ratelimit decorator to count empty values is a good idea, but it'd help to separate the check-and-update stages to before and after the view executes with maybe some "should we update?" check.
I disagree that it's clear that you'd only ratelimit valid-but-wrong or invalid. Validation itself may be slow. If I'm, for example, protecting a password form, and password checking is a slow, CPU-/memory-bound process (as it should be) then submitting a ton of values is a DOS vector—it's not just an issue of account protection.
@willkg is_ratelimited(increment=False)
@bitcity This is why block=False is the default. For a login form, it's almost certainly better to add a CAPTCHA or some other passable check rather than blocking a user entirely. If you block them entirely, I can stop them from logging in by sending a bunch of phony attempts with their username.
More broadly, pulling out utils.is_ratelimited is specifically to enable users to do more complicated logic around what should count as "an attempt".
@willkg is_ratelimited(increment=False)
Hot diggity dog! You're the best!
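The two-stage pattern the thread converges on (a read-only check before the view runs, and an increment only for submissions you decide should count) is shown below as an added example; it is not django-ratelimit's own code. The FixedWindowLimiter class is a constructed in-memory stand-in for the cache-backed counter behind the library's is_ratelimited helper, and only its increment flag is meant to mirror the real API (increment=False reads the counter without touching it, increment=True records an attempt). The form, the "correct horse" credential and the login:alice key are constructed for the demo.

```python
"""Added example: separate the rate-limit check from the counter update so that
only the submissions we choose to count consume an attempt.  Not the
django-ratelimit code; FixedWindowLimiter is a constructed stand-in whose
`increment` flag mirrors is_ratelimited(increment=...) semantics."""
import time


class FixedWindowLimiter:
    """Constructed stand-in for a cache-backed fixed-window counter."""

    def __init__(self, limit, period):
        self.limit = limit      # attempts allowed per window
        self.period = period    # window length in seconds
        self._counts = {}       # (key, window index) -> attempt count

    def is_ratelimited(self, key, increment=False, now=None):
        """Return True when `key` is over its limit in the current window.

        increment=False: read-only check, no side effects.
        increment=True:  record one attempt, then check.
        """
        now = time.time() if now is None else now
        bucket = (key, int(now // self.period))
        count = self._counts.get(bucket, 0)
        if increment:
            count += 1
            self._counts[bucket] = count
        return count > self.limit


def handle_submission(limiter, key, values, validate, process,
                      count_invalid=False, now=None):
    """Check first, run the view logic, then decide whether to count the attempt.

    Returns one of "rate_limited", "invalid", "failed", "ok".
    """
    # Stage 1: read-only check, so an already-limited client does no more work.
    if limiter.is_ratelimited(key, increment=False, now=now):
        return "rate_limited"

    errors = validate(values)
    if errors:
        # Invalid form data: the user gets the errors back and can resubmit.
        # Whether this consumes an attempt is a policy choice; when validation
        # itself is expensive, count it too (count_invalid=True).
        if count_invalid:
            limiter.is_ratelimited(key, increment=True, now=now)
        return "invalid"

    if process(values):
        return "ok"

    # Stage 2: a valid-but-wrong submission always counts as an attempt.
    limiter.is_ratelimited(key, increment=True, now=now)
    return "failed"


# Constructed stand-ins for a form's validation and the slow check behind it.
def validate_login(values):
    return [] if values.get("password") else ["password: this field is required"]


def check_password(values):
    return values["password"] == "correct horse"   # constructed credential


def demo(count_invalid=False):
    """Drive the handler through a constructed sequence; returns the outcomes."""
    limiter = FixedWindowLimiter(limit=3, period=60.0)
    key, now = "login:alice", 1_000.0

    def submit(password, at=now):
        return handle_submission(limiter, key, {"password": password},
                                 validate_login, check_password,
                                 count_invalid=count_invalid, now=at)

    outcomes = [submit("")]                           # blank field: errors only
    outcomes += [submit("wrong") for _ in range(4)]   # four wrong passwords
    outcomes.append(submit("wrong"))                  # counter now over the limit
    outcomes.append(submit("correct horse"))          # still blocked this window
    outcomes.append(submit("correct horse", now + 60.0))  # next window: allowed
    return outcomes


if __name__ == "__main__":
    print(demo())
```

With count_invalid=False a blank submission is reported back without using up an attempt, which is the behaviour asked for at the top of the thread; with count_invalid=True it is counted, which covers the objection that validation itself can be the expensive step. The "rate_limited" outcome is only a signal: the caller can answer it with a CAPTCHA or a similar challenge instead of a hard block, which is the reason given above for block=False being the default.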