After so many attempts, admin should block the IP address attempting to gain access. Further, an invalid password, should require a 5 second timeout. After maybe 5 attempts, block the IP. The DenyHosts script that is used to prevent SSH brute force attacks does the same thing basically.
- [web2py] Admin security: https vs localhost pbreit
- [web2py] Re: Admin security: https vs localhost Massimo Di Pierro
- [web2py] Re: Admin security: https vs localhost pbreit
- [web2py] Re: Admin security: https vs localhos... Massimo Di Pierro
- [web2py] Re: Admin security: https vs localhost cjrh
- [web2py] Re: Admin security: https vs localhos... pbreit
- [web2py] Re: Admin security: https vs loca... cjrh
- [web2py] Re: Admin security: https vs ... Ross Peoples
- [web2py] Re: Admin security: http... Ross Peoples
- [web2py] Re: Admin security: ... cjrh
- [web2py] Re: Admin securi... Ross Peoples
- [web2py] Re: Admin securi... Ross Peoples
- [web2py] Re: Admin securi... cjrh
- [web2py] Re: Admin securi... Ross Peoples
- [web2py] Re: Admin securi... cjrh
- [web2py] Re: Admin securi... Massimo Di Pierro
- Re: [web2py] Re: Admin se... Kenneth Lundström
- [web2py] Re: Admin securi... Anthony