+1 for anti-brute-forcing
-1 for having to edit a pickled file to remove the offending IP.
Surely you guys have used a broken keyboard before and typed in a
password 10 times before realizing that your keyboard is broken.
I recommend locking it out for a time period. You could add a value to
the cache for that specific IP address and put an expiration on it. So
long as the cache has not lockout value for that IP, then let it login.
-tim
On 2/3/2010 11:52 PM, mdipierro wrote:
I agree. I would take this path.
On Feb 3, 11:38 pm, Thadeus Burgess<thade...@thadeusb.com> wrote:
-1 for admin username
+1 for anti-brute-forcing. If incorrect password typed 3 times, ban
the IP permanently until you log into ssh and edit a pickled file.
-Thadeus
On Wed, Feb 3, 2010 at 7:07 PM, mdipierro<mdipie...@cs.depaul.edu> wrote:
I am confused. appadmin does not requires any. appadmin, by default,
required admin (perhaps you refer to that). appadmin predates auth. If
your app needs a more complex appadmin authentication you should
connect to the auth of the app.
admin does not no need more than a passoword because there is a single
user (administrator) and because it should not relay on the presence
of a database.
On Feb 3, 3:22 pm, Wes James<compte...@gmail.com> wrote:
On Wed, Feb 3, 2010 at 1:48 PM, mdipierro<mdipie...@cs.depaul.edu> wrote:
<snip>
By the way Massimo, will you take a patch to add a username to
appadmin? If not, I'm learning a few things on the way, anyway.
please explain more.
appadmin only uses a password to login. I'm putting in a username too
so it requires a username and password to log in to appadmin.
<snip>
-wes
--
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to web...@googlegroups.com.
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com.
For more options, visit this group
athttp://groups.google.com/group/web2py?hl=en.
--
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to web...@googlegroups.com.
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en.