Good evening,
I have been studying the django built-in user auth system over the last few days The official documentation states :
"That’s the basic authentication backend that checks the Django users database and queries the built-in permissions. It does not provide protection against brute force attacks via any rate limiting mechanism. You may either implement your own rate limiting mechanism in a custom auth backend, or use the mechanisms provided by most Web servers."
The django rest framework module, offers the possibility to use the included throttling options, to mitigate this
When not using DRF, it appears to me there is no such throttling built-in control included into raw django projects. I have found several packages offering to do this, but not officially supported
I would love to know if pythonanywhere is implementing any default mechanism to address this ? Or if it is possible to customize it somehow ?
Regards