[Zope] Zope security question

kosh kosh at aesaeion.com
Thu Apr 8 02:20:51 EDT 2004


On Wednesday 07 April 2004 10:52 pm, Marnie King wrote:
> Hi,
> I'm a fairly new Zope user and am trying to securely configure it. One
> thing I'd like to do, but haven't been able to find any info on, is to
> configure Zope so that it will only allow a user 3 failed login attempts.
> After this I'd like to be able to either deny them access or at least delay
> their access and have the event logged.
>
> Is this possible? I'm using Zope 2.7.0 on Red Hat.
> Appreciate any comments.

So you want to make it so that someone can lockout any account on the system 
if they want just by trying to log into it 3 times with bad passwords? This 
doesn't even work very well for a desktop login or a regular app running on a 
users desktop. Making it work for a web app would likely just cause you a lot 
of grief long term.

As to how to do it I don't know how you would accomplish that you would need 
to write something that would keep track of attempts and check on that 
history when someone logs in and probably keep that object as a temp object n 
the temp folder and deal with removing stuff from it to not have huge memory 
usage etc.



More information about the Zope mailing list