On Saturday, 07.05.2005, at 12:04 -0400, Chris McDonough wrote:
> Web Folders pass cookies around too, FWIW, so it's probably not strictly
> necessary to use http basic auth. But without using http basic auth,
> there is no way to log in unless you have them go to the web interface
> first, then launch a web folder, so maybe impractical.
Well, in theory it's possible, if the client accepts cookies, to just store the number of wrong attempts via cookie (or id - which would be the same) and deny any password, be it even the correct one, when it comes via basic auth. But I strongly believe this does not save from abuse because it's just too easy to remove the cookie or just not accept it in the first place. So I'd say it's not worth the work.
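The scheme discussed in this message, sketched as an added example that is not part of the original thread and not Zope code: a failure counter kept in a cookie blocks a client that returns the cookie, and does nothing against one that ignores it. The handler, the `failures` cookie name, the limit and the credentials are all constructed for illustration.

```python
import base64
import hmac
from http.cookies import SimpleCookie

MAX_ATTEMPTS = 3                      # assumed lockout threshold
USERS = {"editor": "correct horse"}   # constructed credentials


def handle_request(headers):
    """Basic-auth check with a cookie-held failure counter.

    Returns (status, value for a Set-Cookie header or None).
    """
    cookie = SimpleCookie(headers.get("Cookie", ""))
    try:
        failures = int(cookie["failures"].value) if "failures" in cookie else 0
    except ValueError:
        failures = 0
    if failures >= MAX_ATTEMPTS:
        return 403, None              # locked: even the correct password is denied
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    expected = USERS.get(user)
    if (scheme == "Basic" and expected is not None
            and hmac.compare_digest(password.encode(), expected.encode())):
        return 200, None
    return 401, f"failures={failures + 1}"


def basic(user, password):
    """Build an Authorization header value for the constructed client."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def run_client(guesses, keep_cookies):
    """Send one request per guess; return the list of status codes."""
    cookie, statuses = None, []
    for guess in guesses:
        headers = {"Authorization": basic("editor", guess)}
        if keep_cookies and cookie:
            headers["Cookie"] = cookie        # well-behaved client returns the counter
        status, set_cookie = handle_request(headers)
        cookie = set_cookie or cookie
        statuses.append(status)
    return statuses


GUESSES = ["a", "b", "c", "correct horse"]    # constructed sample input

if __name__ == "__main__":
    print("cookies kept:   ", run_client(GUESSES, keep_cookies=True))
    print("cookies dropped:", run_client(GUESSES, keep_cookies=False))
```

The counter only binds the client that chooses to send it back, because the state lives on the client side.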
