Why if upgrader can be called only once, what harm will do of someone else will call upgrader, if you want to prevent from brute force you should add this into login not upgrader. Better is to add limits of 3 fails, but this kind of thing is only added in very strong authentications system like PIN in the bank. I don't think I ever see login with captcha in it.
It can start session and save number of fail login into session and if you want to login you need to have php session already enabled. On Thu, 29 Mar 2012 09:07:20 -0000 rg1024 <[email protected]> wrote: > This is not a bug. > I added captcha to protect upgrader from force brute force attacks. > > ** Changed in: aikiframework > Status: New => Invalid > -- Jakub Jankiewicz twitter: @jcubic www: http://jcubic.pl -- You received this bug notification because you are a member of Aiki Framework Developers, which is subscribed to aikiframework. https://bugs.launchpad.net/bugs/968059 Title: Captcha should be removed from upgrader Status in Aiki Framework: Invalid Bug description: Captcha is for fighting spam in places where user can add stuff, like comments post register etc. you don't put captcha into login. To manage notifications about this bug go to: https://bugs.launchpad.net/aikiframework/+bug/968059/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~aikiframework-devel Post to : [email protected] Unsubscribe : https://launchpad.net/~aikiframework-devel More help : https://help.launchpad.net/ListHelp
