Re: [pgsql-www] Google signin - Mailing list pgsql-www

From Daniel Gustafsson
Subject Re: [pgsql-www] Google signin
Date
Msg-id 9AE33E9B-A024-4113-98A0-7F395E2A917E@yesql.se
In response to Re: [pgsql-www] Google signin  (Magnus Hagander <magnus@hagander.net>)
Responses Re: [pgsql-www] Google signin  (Magnus Hagander <magnus@hagander.net>)
List pgsql-www
> On 15 Aug 2017, at 12:18, Magnus Hagander <magnus@hagander.net> wrote:
>
> Here's an updated patch

In the below hunk, s/decicated/dedicated/:

+a decicated account, or use one of the third party sign-in systems below.

Without being terribly well versed in Django (or Python), the logic seems quite
reasonable to me on a read through/review.

> that does this. It will try in order:
> <firstname><lastinitial>, e.g. stephenf
> <firstinitial><lastname>, e.g. sfrost
> <firstname><lastinitial><number>, e.g. stephenf0, stephenf1, stephenf2 etc

How about a random number instead?  Not that I see any immediate risk with
anything here, but many years of looking at logs from web attacks has taught me
that predictability is what is being tried first.

A big +1 on getting this functionality in.

cheers ./daniel
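
The following is an added illustration of the random-suffix suggestion in the message above. It is not part of the original message or of the patch under review. The function names, the `is_taken` callback, the four-digit suffix width and the retry limit are assumptions made for the example.

```python
import re
import secrets


def _clean(part):
    # Keep only lowercase ASCII letters and digits (assumed normalisation).
    return re.sub(r"[^a-z0-9]", "", part.lower())


def username_candidates(first, last, suffix_digits=4, max_random=20):
    """Yield candidates in the order quoted in the thread, but with a
    random numeric suffix in place of the sequential 0, 1, 2, ... counter."""
    first, last = _clean(first), _clean(last)
    if not first or not last:
        raise ValueError("need a usable first and last name")
    base = first + last[0]
    yield base                 # <firstname><lastinitial>, e.g. stephenf
    yield first[0] + last      # <firstinitial><lastname>, e.g. sfrost
    seen = set()
    for _ in range(max_random):
        # secrets draws from the OS CSPRNG, so the suffix given to one
        # account says nothing about the suffix given to the next one.
        n = secrets.randbelow(10 ** suffix_digits)
        cand = f"{base}{n:0{suffix_digits}d}"
        if cand not in seen:
            seen.add(cand)
            yield cand


def pick_username(first, last, is_taken):
    """Return the first free candidate, or None if every attempt collided.
    is_taken is a hypothetical callback standing in for the account lookup."""
    for cand in username_candidates(first, last):
        if not is_taken(cand):
            return cand
    return None


if __name__ == "__main__":
    existing = {"stephenf", "sfrost"}  # constructed sample data
    print(pick_username("Stephen", "Frost", existing.__contains__))
```

In a real account table the final insert still needs a uniqueness constraint, since two concurrent sign-ins can pass the `is_taken` check for the same candidate.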



