Hi,

> Hmmm, hadn't thought about captchas...what exactly would that 
> require?  Just the ability to show the user some extra info, and 
> receive some extra info from the user?  or is there something else I'm 
> not thinking of?

They're sometimes used to prevent brute force password attacks. They can 
also be used to prevent a particular kind of DoS attack. So, you have 
your normal login, and after three bad passwords instead of locking the 
account, require a captcha for each login attempt.

I've seen this in use on a few live sites, seems to work ok. To be 
honest though, most sites just have lockout on three bad passwords and 
live with the denial of service risk (maybe expiring lockouts after 1 
hour). I've not seen that be a problem in practice.

Paul
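
The scheme described in the message above (a captcha on every attempt after three bad passwords, instead of locking the account), as an added example that is not part of the original message or of TurboGears. The `LoginGate` class, its two callbacks and the one-hour expiry of old failures are assumptions made for illustration.

```python
import time

CAPTCHA_AFTER = 3     # bad passwords before a captcha is demanded (as in the message)
FAILURE_TTL = 3600    # assumption: failures older than one hour are forgotten


class LoginGate:
    """Hypothetical helper: per-account failure tracking with a captcha gate."""

    def __init__(self, check_password, check_captcha, clock=time.time):
        self._check_password = check_password  # assumed callback (user, pw) -> bool
        self._check_captcha = check_captcha    # assumed callback (answer) -> bool
        self._clock = clock
        self._failures = {}                    # username -> failure timestamps

    def _recent_failures(self, user):
        cutoff = self._clock() - FAILURE_TTL
        recent = [t for t in self._failures.get(user, []) if t > cutoff]
        if recent:
            self._failures[user] = recent
        else:
            self._failures.pop(user, None)
        return len(recent)

    def captcha_required(self, user):
        return self._recent_failures(user) >= CAPTCHA_AFTER

    def attempt(self, user, password, captcha_answer=None):
        """Return 'ok', 'bad_password' or 'captcha_required'."""
        if self.captcha_required(user):
            # The captcha is checked before the password, so a client that
            # cannot solve it never gets to test another guess. The account
            # itself stays usable by its owner, unlike with a hard lockout.
            if captcha_answer is None or not self._check_captcha(captcha_answer):
                return "captcha_required"
        if self._check_password(user, password):
            self._failures.pop(user, None)     # success clears the counter
            return "ok"
        self._failures.setdefault(user, []).append(self._clock())
        return "bad_password"
```

In a real deployment the failure store would be shared between processes and bounded in size, since this in-memory dict grows with every username that is tried.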
