The suggestion above was not for admin but for auth. It can be adapted to be used for admin.
On Oct 3, 10:10 pm, Massimo Di Pierro <massimo.dipie...@gmail.com> wrote: > make a file "models/plugin_conditionalrecaptcha.py" which contains: > > MAX_LOGIN_FAILURES = 3 > RECAPTCHA_PUBLIC_KEY = '' > RECAPTCHA_PRIVATE_KEY = '' > > def _(): > from gluon.tools import Recaptcha > key = 'login_from:%s' % request.env.remote_addr > num_login_attempts = cache.ram(key,lambda:0,None) > if num_login_attempts >= MAX_LOGIN_FAILURES: > auth.settings.login_captcha = Recaptcha( > request,RECAPTCHA_PUBLIC_KEY,RECAPTCHA_PRIVATE_KEY) > def login_attempt(form,key=key,n=num_login_attempts+1): > cache.ram(key,lambda n=n:n,0) > def login_success(form,key=key): > cache.ram(key,lambda:0,0) > auth.settings.login_onvalidation.append(login_attempt) > auth.settings.login_onaccept.append(login_success) > _() > > On Oct 3, 6:16 pm, sadik fanan <sadikfa...@gmail.com> wrote: > > > > > > > > > Hi , i am developing an online booking system on GAE.. > > .the developement is allmost > > complete...recently i have come to know about brutforce attacks on web based > > application for admin login... > > my application is in web2py framework > > (python)...can anyone here please guide me on a functionality where in , > > the admin > > login will be disabled after 5 wrong password entries ... > > ..is there any kind of > > plugin available for this,,, > > ,or any pre existing code that i can put into my code > > to have this done....please reply on my mail id : sadikfa...@gmail.com > > ..... if the > > above mentioned thing is not possible at all > > in web2py , please suggest other ways > > to make more secured admin login