BlackRed¶
BlackRed is a dynamic blacklisting library using Redis as a fast and reliable storage backend.
How does it work?¶
Example: A user tries to log on a system and fails because of bad credentials or an inactivated account. This failure can be recorded with BlackRed. After three failures within a certain time the account gets locked for an extended period of time. This limits brute force attacks. All time periods are configurable.
In a desktop application you would record the username in question with BlackRed. In a web environment, the requester’s IP address would be the perfect.
In the redis database, two lists are kept: A watchlist that records the failures, and the blacklist that contains blocked items.
Requirements¶
BlackRed runs only under Python 3.3, 3.4, 3.5 and PyPy3. There’s no support for Python 2.
The only thing BlackRed needs is the redis package >= 2.10.
Jump Start¶
Installation can be done with pip install blackred
. Usage is as easy, here an example for a simple user login:
import blackred
def login(username, password, request_ip):
br = blackred.BlackRed()
if br.is_blocked(request_ip):
return False
if not authenticate(username, password):
br.log_fail(request_ip)
return False
return True
More examples: Example Usage.
Usage¶
API Documentation¶
Links¶
- Author: Juergen Edelbluth, https://juergen.rocks/, @JuergenRocks
- Build Status: https://travis-ci.org/edelbluth/blackred
- Project Homepage: https://github.com/edelbluth/blackred
- PyPi Page: https://pypi.python.org/pypi/blackred
- German Description (for 0.2 version): https://juergen.rocks/art/mit-blackred-benutzer-logins-absichern.html
- Documentation (this one): https://blackred.readthedocs.org/index.html