Hi again :)

I'm wondering about a use case like:

some hacker is repeatedly trying to enter my app (wrapped in repoze.who as wsgi)

obviously my app will return 401 or 403 response code

at this point the repoze.who egress runs several plugins, challenge 
deciders of course

what I'm considering is implementing a custom challenge decider :

create a special table, let's call it 'abuse' (user_name, 
bad_credential_count)
if I'm called I create an entry in abuse and set bad_credential_count to 1 
(resp +1 if already here)


then in the authenticator counterpart,
if password match : delete entry in abuse
if bad_credential_count > some_setting => 500 or reroute to fbi or send 
nagios a warning .... whatever

is it sound ? Am I paranoid ?
would it be useful ?

regards
NiL
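
The scheme described in this message, as an added example that is not part of the original post and is not repoze.who's own code. The two methods follow the call shapes of a repoze.who challenge decider `(environ, status, headers)` and authenticator `(environ, identity)`; the `AbuseTracker` class, the `abuse.login` / `abuse.locked` environ keys, the `check_password` callable, `max_bad` and the use of SQLite are assumptions made for illustration.

```python
import sqlite3

class AbuseTracker:
    """Constructed sketch: counts bad credentials per user_name in an 'abuse' table."""

    def __init__(self, db, check_password, max_bad=3):
        # check_password(login, password) -> bool is supplied by the application.
        self.db, self.check_password, self.max_bad = db, check_password, max_bad
        db.execute("CREATE TABLE IF NOT EXISTS abuse (user_name TEXT PRIMARY KEY,"
                   " bad_credential_count INTEGER NOT NULL)")

    def count(self, user_name):
        row = self.db.execute(
            "SELECT bad_credential_count FROM abuse WHERE user_name = ?",
            (user_name,)).fetchone()
        return row[0] if row else 0

    def challenge_decider(self, environ, status, headers):
        # Egress side: on a 401, create the abuse row or add 1 to it.
        if not status.startswith("401 "):
            return False
        login = environ.get("abuse.login")  # hypothetical key set in authenticate()
        if login:
            cur = self.db.execute(
                "UPDATE abuse SET bad_credential_count = bad_credential_count + 1"
                " WHERE user_name = ?", (login,))
            if cur.rowcount == 0:
                self.db.execute("INSERT INTO abuse VALUES (?, 1)", (login,))
            self.db.commit()
        return True

    def authenticate(self, environ, identity):
        # Ingress side: refuse when over the threshold, reset on a good password.
        login = identity.get("login")
        if not login:
            return None
        environ["abuse.login"] = login
        if self.count(login) > self.max_bad:
            environ["abuse.locked"] = True  # hook for alerting (e.g. a Nagios check)
            return None                     # locked: even a correct password fails
        if self.check_password(login, identity.get("password", "")):
            self.db.execute("DELETE FROM abuse WHERE user_name = ?", (login,))
            self.db.commit()
            return login
        return None
```

Because the counter is keyed on `user_name` alone, anyone who knows a login name can push it over the threshold and lock that user out, and the table also grows with every attempted name that does not exist. Keying on the client address as well, or expiring rows after a time window, limits both effects.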
