[Zope-dev] z3c.password and tracking failed login attempts

Roger dev at projekt01.ch
Mon Mar 8 16:49:39 EST 2010


Hi Jan 

> Betreff: [Zope-dev] z3c.password and tracking failed login attempts
> 
> Hi,
> 
> A while ago I asked some questions and made some suggestions 
> for improving how to track failed login attempts in 
> z3c.password. Most likely these suggestions got buried in now 
> a out-of-sight thread and were never noticed.
> 
> My suggestion was that making a request for for example a 
> resource could still trigger the account locked errors, where 
> in my opinion only the login attempts themselves should do that.
>  
> I created a branch of z3c.password..: 
>  
>   
> http://svn.zope.org/z3c.password/branches/jw-noraise-for-irrel
evant-requests/ 
>  
> ..that will check for request relevancy as early as possible. 
>  
> All tests pass without modification, but with this change 
> after an account has been locked out requests for for example 
> resources will still work. Additionally I think the code is a 
> tad more readible now. I added a test to demonstrate the 
> specific behaviour.
>  
> Would any of the z3c.password users/developers object to 
> having this branch merged to the trunk?

Adam is on holiday this week. I'm sure he will take a look
at the branch next monday.

Regards
Roger Ineichen

> regards, jw 



More information about the Zope-Dev mailing list