alfonsodg
commented
10 years ago From massimod...@gmail.com on November 08, 2010 16:10:07
True. I would take a patch to do this.
Status: Accepted
Closed alfonsodg closed 10 years ago
alfonsodg
commented
10 years ago From massimod...@gmail.com on November 08, 2010 16:10:07
True. I would take a patch to do this.
Status: Accepted
alfonsodg
commented
10 years ago From richar...@gmail.com on November 08, 2010 16:14:49
or better yet use CAPTCHA (when defined) after a number of false guesses. Currently CAPTCHA is either on or off.
alfonsodg
commented
10 years ago From massimo....@gmail.com on November 03, 2011 11:14:43
In admin, we have allowed_number_of_attempts For your own apps, we have a recipe for this in the new book.
Status: Done
From richar...@gmail.com on October 09, 2010 21:42:02
To prevent someone brute force guessing an auth_user password, would it be worth having the option to disable an account after a number of repeated password failures?
Original issue: http://code.google.com/p/web2py/issues/detail?id=114