Håkan Johansson wrote:
On Jan 13, 2006, at 00:32, Dennis Allison wrote:
A more usual solution to this issue is to insert a delay after the third
and subsequent failures. You, of course, need a policy for removing the
delay (successful login or N minutes following the last attempt).
Yes, I have been thinking the same thing. It would be much less work
for the admin of the system.
Thanks for the tip though :)
Of course if you enforced longer passwords you can achieve a similar
result. You dont slow time down between authentication events (like
Dennis suggests) but you add the amount of time needed to guess a
password. So (slow Auth reponsies + tries) can approximate (fast Auth
responses + alot more tries)
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -