[Zope] scary security questions

Graham Chiu anon_emouse@hotmail.com
Sat, 13 May 2000 08:55:01 +1300


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <20000511215531.15698.qmail@web701.mail.yahoo.com>, Paul
Abrams <paulabrams@yahoo.com> writes
>1) What prevents someone from getting into the manage
>screens by cracking the admin username:password? Are failed
>login attempts logged anywhere? If not, is there any way to
>log them short of hacking the zope python code?

I do this on my E-Commerce site.  All failed log ons are logged with IP
addresses, and after 3 failures, an email is sent to me, and that IP
address is barred from access.  But I'm not using Zope authentication.

- -- 
Regards,        Graham Chiu
gchiu<at>compkarori.co.nz
http://www.compkarori.co.nz/x.php?/Shopping

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBORvG5rTRdIWzaLpMEQLxeACdF4OdTXkoFybnF/yijBZdpmEm4XIAoILT
81x0unG4w71gOshAWauwJA6D
=wUra
-----END PGP SIGNATURE-----