Looks like this has been implemented in admin -- see http://code.google.com/p/web2py/source/browse/applications/admin/models/access.py#55. Looks like 5 login attempts allowed from a given IP address per hour.
Anthony On Monday, October 3, 2011 7:16:50 PM UTC-4, sadik fanan wrote: > > > Hi , i am developing an online booking system on GAE.. > .the developement is allmost > complete...recently i have come to know about brutforce attacks on web > based > application for admin login... > my application is in web2py framework > (python)...can anyone here please guide me on a functionality where in , > the admin > login will be disabled after 5 wrong password entries ... > ..is there any kind of > plugin available for this,,, > ,or any pre existing code that i can put into my code > to have this done....please reply on my mail id : sadik...@gmail.com > ..... if the > above mentioned thing is not possible at all > in web2py , please suggest other ways > to make more secured admin login > >
