On Feb 3, 2010, at 9:38 PM, Thadeus Burgess wrote:

> -1 for admin username
> +1 for anti-brute-forcing. If incorrect password typed 3 times, ban
> the IP permanently until you log into ssh and edit a pickled file.

We had a longish thread on this general subject a while back. I could probably find it, but.... I recall that the other alternative that was discussed was a rate limiter for password attempts. Any reason why something like that couldn't apply to regular logins as well? I don't think you'd want to use IP banning for user logins.