[Zope] Re: Handling login failures
Håkan Johansson
ignem at raintervention.se
Fri Jan 13 01:56:13 EST 2006
On Jan 13, 2006, at 00:24, Florent Guillaume wrote:
>
>
> Håkan Johansson wrote:
>> I want to be able to block a user from logging in if he fails to give
>> the right login/password three times in a row.
>
> You're aware that this allows anyone to trivially DoS your users,
> right?
> If you take the precaution of matching with the IP, it still will harm
> people logging in through corporate or ISP proxies. Which, admittedly,
> may not be a problem in an intranet setting.
>
> Florent

This is not really a problem for us since we have a firewall that must
be logged into first. Only customers to the system can actually access
it.

If I had a say in it, I would not implement a system like this at all,
but our customer wants it.

Thanks for the warning though. I hadn't thought about the DoS aspect.
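
The two caveats raised in the quoted reply (a per-account lock lets anyone lock a user out, and a per-IP lock affects everyone behind one proxy), as an added Python example that is not part of the original thread and not Zope code. The class and function names, the 15-minute expiry and the sample addresses are assumptions made for illustration.

```python
import time
from collections import defaultdict

MAX_FAILURES = 3          # threshold from the thread: three failures in a row
LOCK_SECONDS = 15 * 60    # assumption: a temporary lock rather than a permanent block

class FailureTracker:
    """Counts consecutive failed logins per key and locks that key temporarily."""

    def __init__(self, per_source, clock=time.monotonic):
        self.per_source = per_source   # False: key on login; True: key on (login, source IP)
        self.clock = clock
        self.failures = defaultdict(int)
        self.locked_until = {}

    def _key(self, login, source_ip):
        return (login, source_ip) if self.per_source else (login, None)

    def is_locked(self, login, source_ip):
        key = self._key(login, source_ip)
        until = self.locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:      # lock expired: clear it and count afresh
            del self.locked_until[key]
            self.failures.pop(key, None)
            return False
        return True

    def record(self, login, source_ip, success):
        """Record one attempt; return True only if the login is accepted."""
        key = self._key(login, source_ip)
        if self.is_locked(login, source_ip):
            return False               # rejected even with the correct password
        if success:
            self.failures.pop(key, None)   # "in a row": a success resets the count
            return True
        self.failures[key] += 1
        if self.failures[key] >= MAX_FAILURES:
            self.locked_until[key] = self.clock() + LOCK_SECONDS
        return False

def simulate(per_source, user_ip, other_ip):
    """Three failures for 'alice' arrive from other_ip; is alice's correct login from user_ip accepted?"""
    tracker = FailureTracker(per_source)
    for _ in range(MAX_FAILURES):
        tracker.record("alice", other_ip, success=False)
    return tracker.record("alice", user_ip, success=True)
```

With constructed addresses, `simulate(False, "192.0.2.10", "198.51.100.7")` shows the per-account lock rejecting the real user, and `simulate(True, "203.0.113.1", "203.0.113.1")` shows the per-IP variant still rejecting a user who shares a proxy address with the failing client.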