[Zope-dev] z3c.password and tracking failed login attempts
Roger
dev at projekt01.ch
Mon Mar 8 16:49:39 EST 2010
Hi Jan
> Betreff: [Zope-dev] z3c.password and tracking failed login attempts
>
> Hi,
>
> A while ago I asked some questions and made some suggestions
> for improving how to track failed login attempts in
> z3c.password. Most likely these suggestions got buried in now
> a out-of-sight thread and were never noticed.
>
> My suggestion was that making a request for for example a
> resource could still trigger the account locked errors, where
> in my opinion only the login attempts themselves should do that.
>
> I created a branch of z3c.password..:
>
>
> http://svn.zope.org/z3c.password/branches/jw-noraise-for-irrel
evant-requests/
>
> ..that will check for request relevancy as early as possible.
>
> All tests pass without modification, but with this change
> after an account has been locked out requests for for example
> resources will still work. Additionally I think the code is a
> tad more readible now. I added a test to demonstrate the
> specific behaviour.
>
> Would any of the z3c.password users/developers object to
> having this branch merged to the trunk?
Adam is on holiday this week. I'm sure he will take a look
at the branch next monday.
Regards
Roger Ineichen
> regards, jw
More information about the Zope-Dev
mailing list