-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In article <20000511215531.15698.qmail@web701.mail.yahoo.com>, Paul Abrams <paulabrams@yahoo.com> writes
1) What prevents someone from getting into the manage screens by cracking the admin username:password? Are failed login attempts logged anywhere? If not, is there any way to log them short of hacking the zope python code?
I do this on my E-Commerce site. All failed log ons are logged with IP addresses, and after 3 failures, an email is sent to me, and that IP address is barred from access. But I'm not using Zope authentication. - -- Regards, Graham Chiu gchiu<at>compkarori.co.nz http://www.compkarori.co.nz/x.php?/Shopping -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBORvG5rTRdIWzaLpMEQLxeACdF4OdTXkoFybnF/yijBZdpmEm4XIAoILT 81x0unG4w71gOshAWauwJA6D =wUra -----END PGP SIGNATURE-----