Attila Oláh <> added the comment:

I implemented something similar in a plugin (
repname=public&path=/repoze.who.plugins.sqlalchemy/ ), with passing an optional 
'user_audit' argument to the plugin maker in who.ini, then the authenticator 
will call 
a method upon each failed login. It's up to the application to store it, i.e. 
in a 
database, and after a certain number of failed logins, either refuse to 
or show a CAPTCHA.
This might, or might not be what you're looking for, though.

status: unread -> chatting

Repoze Bugs <>
Repoze-dev mailing list

Reply via email to