On 5/7/05, Tino Wildenhain <[EMAIL PROTECTED]> wrote:
> Well, in theory its possible if the client accepts cookie to just
> store the amount of wrong attempts via cookie (or id - which would
> be the same) and deny any password, be it even the correct one
> when it comes via basic auth.

Store the incorrect login count client-side in a cookie?! No way! :)
 
> But I strongly believe this does not save from abuse because
> its just too easy to remove the cookie or just not accept
> it in the first place. So I'd say its not worth the work.

Yes, I think it would be a bad idea.

mark
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to