[ZDP] BackTalk to Document The Zope Book (2.6 Edition)/Users and Security

webmaster at zope.org
Sun Apr 18 23:15:34 EDT 2004


A comment to the paragraph below was recently added via http://zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx#2-13

---------------

    Different things can happen with respect to being prompted for
    authentication credentials in response to a request for a protected
    resource depending on the current state of a login session.  If
    the user has not yet logged in, Zope will prompt the user for
    a username and password.  If the user is logged in but the account
    under which he is logged in does not have sufficient privilege to
    perform the action he has requested, Zope will prompt him for a
    *different* username and password.  If he is logged in and the
    account under which he has logged in *does* have sufficient
    privileges to perform the requested action, the action will be
    performed.  If a user cannot be authenticated because he provides
    a nonexistent username or an incorrect password to an existing
    authentication dialog, Zope re-prompts the user for authentication
    information as necessary until the user either "gets it right" or
    gives up.

      % Anonymous User - Apr. 18, 2004 11:15 pm:
       It would be more secure if one could set a maximum no. of challenges in the conf.


