Re: [Zope] Re: Handling login failures
Håkan Johansson wrote: On Jan 13, 2006, at 00:32, Dennis Allison wrote: A more usual solution to this issue is to insert a delay after the third and subsequent failures. You, of course, need a policy for removing the delay (successful login or N minutes following the last attempt). Yes, I have been thinking the same thing. It would be much less work for the admin of the system. Thanks for the tip though :) _ Of course if you enforced longer passwords you can achieve a similar result. You dont slow time down between authentication events (like Dennis suggests) but you add the amount of time needed to guess a password. So (slow Auth reponsies + tries) can approximate (fast Auth responses + alot more tries) David ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Multiple CookieCrumblers
Brian Sullivan wrote: On 1/11/06, Jens Vagelpohl <[EMAIL PROTECTED]> wrote: On 11 Jan 2006, at 21:46, Brian Sullivan wrote: I am using CookieCrumbler as an authentication method on a Zope site. I am looking at the feasibility of putting multi CookieCrumbler objects (all with the same settings -- except for the cache setting) on a site in order to allow some parts of the site to be cached in an upstream proxy and forbidding others. Is this a reasonable thing to do? Will it achieve the result I am looking for? I will not do what you expect to do. The first cookie crumbler to do authentication sets the cookie and even if other cookie crumblers get involved they will not just overwrite that cookie because the lifetime setting on their cookie is different. In some testing I found that the headers (at least the upstream cache setting which is what I was interested in) does seem to be different depending on the first CookieCrumbler to handle the content (I set one in a subdirectory to cache setting 'public' and the main system level one to 'private')- which would seem to imply that higher placed ones recognize the cache header setting and avoid changing it? This seemed to do what I want. If this isn't a strategy for doing what I want to do can anybody thing of one? I have a site that is authenticated using CookieCrumbler. I have a whole bunch of static files/objects, some fairly large isolated in a subfolder on the site. I want the static objects to be cached by upstream proxies, but all other parts of the site not cacheable. ___ Brian, Can you explain how you are using this? Does cookie crumbler's cache-control apply to *all* authenticated responses? If so, I didnt realize it was so sweeping (I admit i had assumed it applied to the authentication cookie). Have you, for example, considerered branching to different folders (one with all object caches set to no-cache) based on a user role? Can you give more detail? David Good luck! David Its an interesting idea, to cascade cookie crumblers - you might be able to fake the login_screen ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] External Method Working Directory?
jwithers, a) Is your os.getcwd() (in /Extensions) called from a Product (in /Products?) Otherwise I have not idea b) Regarding temporary files .. I've used stuff like ... import tempfile tmpFile2 = tempfile.mktemp() theFile=open( tmpFile2,'rb') result = theFile.read() theFile.close() os.remove(tmpFile2) I think this may depreciated but do a google on "python tempfile" and you can use the updated modules if they apply to your issue. David jwithers wrote: Folks, I have an external method that at this point is made up of nothing but os.getcwd() and lives in my Extensions directory. When it is run, it reports the working directory as being one of my Products directories. Can anyone tell me what the default working directory for an external method is? Further, I need this to create a file temporarily in Extensions. I would prefer not to have to hardwire the location of Extension into the code, since that would make the script non-portable to other instances easily. Any advice on this would be appreciated. J. P. Withers ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )