[Zope] scary security questions
Graham Chiu
anon_emouse@hotmail.com
Sat, 13 May 2000 08:55:01 +1300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <20000511215531.15698.qmail@web701.mail.yahoo.com>, Paul
Abrams <paulabrams@yahoo.com> writes
>1) What prevents someone from getting into the manage
>screens by cracking the admin username:password? Are failed
>login attempts logged anywhere? If not, is there any way to
>log them short of hacking the zope python code?
I do this on my E-Commerce site. All failed log ons are logged with IP
addresses, and after 3 failures, an email is sent to me, and that IP
address is barred from access. But I'm not using Zope authentication.
- --
Regards, Graham Chiu
gchiu<at>compkarori.co.nz
http://www.compkarori.co.nz/x.php?/Shopping
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBORvG5rTRdIWzaLpMEQLxeACdF4OdTXkoFybnF/yijBZdpmEm4XIAoILT
81x0unG4w71gOshAWauwJA6D
=wUra
-----END PGP SIGNATURE-----