[Zope] Is it possible to extend Zopes WebDAV authentication?
Tino Wildenhain
tino at wildenhain.de
Fri May 6 15:52:12 EDT 2005
Am Freitag, den 06.05.2005, 19:26 +0100 schrieb mark hellewell:
> On 5/6/05, Dieter Maurer <dieter at handshake.de> wrote:
>
> > WebDAV uses "basic HTTP authentication" which should use whatever
> > UserFolder you have installed.
>
> Thanks.. So, I think I should be able to modify the authentication plugin
> of PUF so that each time a user makes a bad login attempt (either via
> WebDAV or the login form) it increments the "bad login" counter?
>
> Sounds like a plan, anyway :)
Actually, it does not. You have no such thing like a session
when all you have is webdav. I dont know if many dav-clients
store cookies too - it may depend on your usecase.
Without cookies you dont know if a request is the first,
second or third time. And just counting per user would
make an excellent way to DoS.
Regards
Tino
More information about the Zope
mailing list