HÃ¥kan Johansson wrote:

On Jan 13, 2006, at 00:32, Dennis Allison wrote:

A more usual solution to this issue is to insert a delay after the third
and subsequent failures.  You, of course, need a policy for removing the
delay (successful login or N minutes following the last attempt).

Yes, I have been thinking the same thing. It would be much less work for the admin of the system.
Thanks for the tip though :)


Of course if you enforced longer passwords you can achieve a similar result. You dont slow time down between authentication events (like Dennis suggests) but you add the amount of time needed to guess a password. So (slow Auth reponsies + tries) can approximate (fast Auth responses + alot more tries)


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to