[Zope] Re: Handling login failures
David Hassalevris
bluepaul at earthlink.net
Fri Jan 13 03:00:12 EST 2006
Håkan Johansson wrote:
>
> On Jan 13, 2006, at 00:32, Dennis Allison wrote:
>
>>
>> A more usual solution to this issue is to insert a delay after the third
>> and subsequent failures. You, of course, need a policy for removing the
>> delay (successful login or N minutes following the last attempt).
>>
>
> Yes, I have been thinking the same thing. It would be much less work
> for the admin of the system.
> Thanks for the tip though :)
Of course, if you enforce longer passwords you can achieve a similar
result. You don't slow time down between authentication events (like
Dennis suggests) but you add to the amount of time needed to guess a
password. So (slow Auth responses + tries) can approximate (fast Auth
responses + a lot more tries).
David
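
The delay policy discussed in this thread (a delay after the third and subsequent failures, lifted by a successful login or N minutes after the last attempt), sketched as an added example that is not part of any poster's message and is not Zope code. The class name, its parameters and the in-memory per-process store are assumptions made for illustration.

```python
import time


class LoginThrottle:
    """Delay logins after the third and subsequent failures for a user.

    The delay is lifted by a successful login or once `reset_minutes`
    have passed since the last failed attempt.
    """

    def __init__(self, threshold=3, delay_seconds=5.0, reset_minutes=15,
                 clock=time.monotonic):
        self.threshold = threshold
        self.delay = delay_seconds
        self.reset_after = reset_minutes * 60
        self.clock = clock
        # Assumption: in-memory, per-process state keyed by user name.
        self._failures = {}  # user -> (failure count, time of last failure)

    def _current(self, user):
        count, last = self._failures.get(user, (0, 0.0))
        if count and self.clock() - last >= self.reset_after:
            self._failures.pop(user, None)  # N minutes passed: forget failures
            return 0, 0.0
        return count, last

    def seconds_to_wait(self, user):
        count, last = self._current(user)
        if count < self.threshold:
            return 0.0
        return max(0.0, last + self.delay - self.clock())

    def attempt(self, user, verify):
        """Return (logged_in, seconds_to_wait).

        verify() checks the credentials; it is not called while a delay is
        pending, so guesses made during the delay are never evaluated.
        """
        wait = self.seconds_to_wait(user)
        if wait > 0:
            return False, wait
        if verify():
            self._failures.pop(user, None)  # success removes the delay
            return True, 0.0
        count, _ = self._current(user)
        self._failures[user] = (count + 1, self.clock())
        return False, self.seconds_to_wait(user)
```

Passing a fake `clock` makes the policy testable without sleeping; a multi-process deployment would need the failure table in shared storage.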