Issue84

Title: Brute force lockouts
Priority: feature
Status: chatting
Superseder: (none)
Nosy List: paj
Assigned To: (none)
Topics: (none)

Created on 2009-05-19.00:25:51 by paj, last changed 2009-10-08.18:59:08 by aatiis.

Messages
msg272 Author: aatiis Date: 2009-10-08.18:59:07
I implemented something similar in a plugin ( http://svn.tranchitella.it/listing.php?repname=public&path=/repoze.who.plugins.sqlalchemy/ ), with passing an optional 'user_audit' argument to the plugin maker in who.ini; then the authenticator will call a method upon each failed login. It's up to the application to store it, i.e. in a database, and after a certain number of failed logins, either refuse to authenticate or show a CAPTCHA.
This might, or might not, be what you're looking for, though.
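The failed-login audit hook and application-side counter described in msg272, as an added Python example; this is not the plugin's code. The `authenticate(environ, identity)` shape follows repoze.who's authenticator interface, but `FailureStore`, `make_failure_audit`, `AuditingAuthenticator`, `login_attempt`, the sample user table and the threshold/window values are assumptions of this example.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

# Policy values are assumptions for this example, not settings of the plugin.
MAX_FAILURES = 5          # failures in the window before the application refuses or challenges
WINDOW_SECONDS = 15 * 60  # sliding window in which failures are counted


class FailureStore:
    """Application-side record of failed logins, keyed by login name.

    The audit hook only appends here; deciding whether to refuse or to
    show a CAPTCHA is left to the application (see login_attempt).
    """

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, clock=time.time):
        self.max_failures = max_failures
        self.window = window
        self._clock = clock                   # injectable for tests
        self._failures = defaultdict(deque)   # login -> timestamps of recent failures

    def _recent(self, login):
        """Drop failures older than the window and return the remaining queue."""
        cutoff = self._clock() - self.window
        q = self._failures[login]
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def record_failure(self, login):
        q = self._recent(login)
        q.append(self._clock())
        return len(q)

    def failures(self, login):
        return len(self._recent(login))

    def is_locked(self, login):
        return self.failures(login) >= self.max_failures

    def reset(self, login):
        self._failures.pop(login, None)


def make_failure_audit(store):
    """Build the user_audit callback the application hands to the authenticator."""
    def user_audit(environ, identity):
        # A real application would also log environ['REMOTE_ADDR'] for detection.
        store.record_failure(identity.get('login'))
    return user_audit


def _hash_password(password, salt, iterations=100_000):
    return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, iterations)


def make_users(plain):
    """Constructed sample user table: login -> (salt, pbkdf2 hash)."""
    users = {}
    for login, password in plain.items():
        salt = os.urandom(16)
        users[login] = (salt, _hash_password(password, salt))
    return users


class AuditingAuthenticator:
    """Authenticator that calls user_audit on every failed login (illustrative)."""

    _DUMMY = (b'\0' * 16, b'\0' * 32)

    def __init__(self, users, user_audit=None):
        self._users = users
        self._user_audit = user_audit

    def authenticate(self, environ, identity):
        login = identity.get('login')
        password = identity.get('password')
        if login is None or password is None:
            return None
        record = self._users.get(login)
        # Hash even for unknown logins so timing does not reveal which logins exist.
        salt, expected = record if record is not None else self._DUMMY
        if record is not None and hmac.compare_digest(_hash_password(password, salt), expected):
            return login
        if self._user_audit is not None:
            self._user_audit(environ, identity)
        return None


def login_attempt(authenticator, store, login, password):
    """Application-side login step: once locked, refuse before the password is checked."""
    if store.is_locked(login):
        return 'locked'   # an application preferring a CAPTCHA would return 'captcha' here
    environ = {'REMOTE_ADDR': '203.0.113.7'}  # constructed WSGI environ fragment
    identity = {'login': login, 'password': password}
    if authenticator.authenticate(environ, identity) is None:
        return 'failed'
    store.reset(login)
    return 'ok'


if __name__ == '__main__':
    store = FailureStore(max_failures=3, window=60)
    auth = AuditingAuthenticator(make_users({'alice': 'correct horse battery staple'}),
                                 user_audit=make_failure_audit(store))
    for pw in ['wrong', 'wrong', 'wrong', 'correct horse battery staple']:
        print(pw, '->', login_attempt(auth, store, 'alice', pw))
```

Counting per login name means anyone who knows a login can keep it locked, which is why the message's CAPTCHA alternative is often preferable to a hard refusal; the audit hook is also the natural place to record the source address so repeated failures can be detected across accounts.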
msg200 Author: paj Date: 2009-05-19.00:25:51
There should be some form of lockouts, to avoid brute force password attacks.
I'm not volunteering to work on this feature though.
History
Date                 User    Action  Args
2009-10-08 18:59:08  aatiis  set     status: unread -> chatting; messages: + msg272
2009-05-19 00:25:51  paj     create