1. I don't see much benefit to adding a max length for one form
(AuthenticationForm) to give some sense of security as opposed to properly
addressing the issue at the webserver level. As Paul said, "As documented
in the deployment docs, it is your responsibility as the deployer to limit
post bo
The default auth.form.AuthenticationForm() did not set a max_length for the
password field:
https://github.com/django/django/blob/72f6513ebaa7a3fd43c26300e9a8c430dc07cdb5/django/contrib/auth/forms.py#L120-L126
Ok there is not really a max_length constraint. Because in the end the
auth.models
