Re: [web2py] Re: making changes in web2py

[Timothy Farrell]

+1 for anti-brute-forcing
-1 for having to edit a pickled file to remove the offending IP.
Surely you guys have used a broken keyboard before and typed in a 
password 10 times before realizing that your keyboard is broken.

I recommend locking it out for a time period.  You could add a value to 
the cache for that specific IP address and put an expiration on it.  So 
long as the cache has not lockout value for that IP, then let it login.

-tim

On 2/3/2010 11:52 PM, mdipierro wrote:
I agree. I would take this path.

On Feb 3, 11:38 pm, Thadeus Burgess<thade...@thadeusb.com>  wrote:
   
-1 for admin username
+1 for anti-brute-forcing. If incorrect password typed 3 times, ban
the IP permanently until you log into ssh and edit a pickled file.

-Thadeus

On Wed, Feb 3, 2010 at 7:07 PM, mdipierro<mdipie...@cs.depaul.edu>  wrote:
     
I am confused. appadmin does not requires any. appadmin, by default,
required admin (perhaps you refer to that). appadmin predates auth. If
your app needs a more complex appadmin authentication you should
connect to the auth of the app.
       
     
admin does not no need more than a passoword because there is a single
user (administrator) and because it should not relay on the presence
of a database.
       
     
On Feb 3, 3:22 pm, Wes James<compte...@gmail.com>  wrote:
       
On Wed, Feb 3, 2010 at 1:48 PM, mdipierro<mdipie...@cs.depaul.edu>  wrote:
         
     
<snip>
         
     
By the way  Massimo, will you take a patch to add a username to
appadmin?  If not, I'm learning a few things on the way, anyway.
             
     
please explain more.
           
     
appadmin only uses a password to login.  I'm putting in a username too
so it requires a username and password to log in to appadmin.
         
     
<snip>
         
     
-wes
         
     
--
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To post to this group, send email to web...@googlegroups.com.
To unsubscribe from this group, send email to 
web2py+unsubscr...@googlegroups.com.
For more options, visit this group 
athttp://groups.google.com/group/web2py?hl=en.
       

     
   

--
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To post to this group, send email to web...@googlegroups.com.
To unsubscribe from this group, send email to 
web2py+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/web2py?hl=en.