On Jan 13, 2006, at 00:24, Florent Guillaume wrote:

Håkan Johansson wrote:
I want to be able to block a user from logging in if he fails to give the right login/password three times in a row.

You're aware that this allows anyone to trivially DoS your users, right? If you take the precaution of matching with the IP, it still will harm people logging in through corporate or ISP proxies. Which, admittedly, may not be a problem in an intranet setting.

Florent

This is not really a problem for us since we have a firewall that must be logged into first. Only customers to the system can actually access it. If I had a say in it, I would not implement a system like this at all, but our customer wants it.

Thanks for the warning though. I hadn't thought about the DoS aspect.

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
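
An added illustration of the trade-off raised in this thread (not code from either poster or from Zope): a counter for consecutive failed logins, keyed either by account alone or by account plus source IP. The `LoginThrottle` class, the 15-minute temporary lock and the sample events are assumptions made for the example.

```python
from collections import defaultdict

MAX_FAILURES = 3         # "three times in a row", as in the thread
LOCK_SECONDS = 15 * 60   # assumption: a temporary lock rather than a permanent block

class LoginThrottle:
    """Counts consecutive failed logins per key and locks that key for a while."""

    def __init__(self, key_by_ip=False):
        self.key_by_ip = key_by_ip
        self.failures = defaultdict(int)
        self.locked_until = {}

    def _key(self, user, ip):
        return (user, ip) if self.key_by_ip else (user, None)

    def record(self, user, ip, password_ok, now):
        """Record one attempt at time `now`; return True if the login is allowed."""
        key = self._key(user, ip)
        if self.locked_until.get(key, 0) > now:
            return False                    # locked: even the right password is refused
        if password_ok:
            self.failures.pop(key, None)    # "in a row": a success resets the count
            return True
        self.failures[key] += 1
        if self.failures[key] >= MAX_FAILURES:
            self.locked_until[key] = now + LOCK_SECONDS
            self.failures.pop(key, None)
        return False

# Constructed events: (time in seconds, user, source IP, password correct?)
EVENTS = [
    (0, "alice", "203.0.113.9", False),
    (5, "alice", "203.0.113.9", False),
    (9, "alice", "203.0.113.9", False),    # third failure, not made by alice
    (60, "alice", "198.51.100.4", True),   # alice herself, from another address
    (70, "alice", "203.0.113.9", True),    # alice behind the same shared proxy
    (9 + LOCK_SECONDS + 1, "alice", "203.0.113.9", True),  # after the lock expires
]

def replay(throttle):
    """Feed the constructed events through a throttle; one bool per event."""
    return [throttle.record(u, ip, ok, t) for t, u, ip, ok in EVENTS]

if __name__ == "__main__":
    print("per account     :", replay(LoginThrottle(key_by_ip=False)))
    print("per account + IP:", replay(LoginThrottle(key_by_ip=True)))
```

Keyed by account alone, the legitimate login at t=60 is refused; keyed by account and IP it succeeds, but the login at t=70 from the shared address is still refused until the lock expires.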
