[Zope] Zope security question
kosh
kosh at aesaeion.com
Thu Apr 8 02:20:51 EDT 2004
On Wednesday 07 April 2004 10:52 pm, Marnie King wrote:
> Hi,
> I'm a fairly new Zope user and am trying to securely configure it. One
> thing I'd like to do, but haven't been able to find any info on, is to
> configure Zope so that it will only allow a user 3 failed login attempts.
> After this I'd like to be able to either deny them access or at least delay
> their access and have the event logged.
>
> Is this possible? I'm using Zope 2.7.0 on Red Hat.
> Appreciate any comments.
So you want to make it so that someone can lockout any account on the system
if they want just by trying to log into it 3 times with bad passwords? This
doesn't even work very well for a desktop login or a regular app running on a
users desktop. Making it work for a web app would likely just cause you a lot
of grief long term.
As to how to do it I don't know how you would accomplish that you would need
to write something that would keep track of attempts and check on that
history when someone logs in and probably keep that object as a temp object n
the temp folder and deal with removing stuff from it to not have huge memory
usage etc.
More information about the Zope
mailing list