[Zope] Is it possible to extend Zopes WebDAV authentication?

mark hellewell mark.hellewell at gmail.com
Sat May 7 15:24:38 EDT 2005


On 5/7/05, Tino Wildenhain <tino at wildenhain.de> wrote:
> Well, in theory its possible if the client accepts cookie to just
> store the amount of wrong attempts via cookie (or id - which would
> be the same) and deny any password, be it even the correct one
> when it comes via basic auth.

Store the incorrect login count client-side in a cookie?! No way! :)
 
> But I strongly believe this does not save from abuse because
> its just too easy to remove the cookie or just not accept
> it in the first place. So I'd say its not worth the work.

Yes, I think it would be a bad idea.

mark


More information about the Zope mailing list