[Zope] Is it possible to extend Zopes WebDAV authentication?
Tino Wildenhain
tino at wildenhain.de
Sat May 7 14:33:17 EDT 2005
Am Samstag, den 07.05.2005, 12:04 -0400 schrieb Chris McDonough:
> Web Folders pass cookies around too, FWIW, so it's probably not strictly
> necessary to use http basic auth. But without using http basic auth,
> there is no way to log in unless you have them go to the web interface
> first, then launch a web folder, so maybe impractical.
Well, in theory its possible if the client accepts cookie to just
store the amount of wrong attempts via cookie (or id - which would
be the same) and deny any password, be it even the correct one
when it comes via basic auth.
But I strongly believe this does not save from abuse because
its just too easy to remove the cookie or just not accept
it in the first place. So I'd say its not worth the work.
More information about the Zope
mailing list