On 5/7/05, Tino Wildenhain <[EMAIL PROTECTED]> wrote: > Well, in theory its possible if the client accepts cookie to just > store the amount of wrong attempts via cookie (or id - which would > be the same) and deny any password, be it even the correct one > when it comes via basic auth.
Store the incorrect login count client-side in a cookie?! No way! :) > But I strongly believe this does not save from abuse because > its just too easy to remove the cookie or just not accept > it in the first place. So I'd say its not worth the work. Yes, I think it would be a bad idea. mark _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )