Am Samstag, den 07.05.2005, 12:04 -0400 schrieb Chris McDonough:
> Web Folders pass cookies around too, FWIW, so it's probably not strictly
> necessary to use http basic auth.  But without using http basic auth,
> there is no way to log in unless you have them go to the web interface
> first, then launch a web folder, so maybe impractical.

Well, in theory its possible if the client accepts cookie to just
store the amount of wrong attempts via cookie (or id - which would
be the same) and deny any password, be it even the correct one
when it comes via basic auth.

But I strongly believe this does not save from abuse because
its just too easy to remove the cookie or just not accept
it in the first place. So I'd say its not worth the work.

Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to