collective / Products.LoginLockout

Prevents endless login attempts in Plone, making it more secure.
https://pypi.python.org/pypi/Products.LoginLockout

root account attempt log should not be shared between sites [3H] #30

Closed djay closed 1 year ago

djay commented 6 years ago

This means the attempt log is confusing and inaccurate, as it includes attempts at other sites.

It should be possible to disambiguate between them and store the data in the Plone site.

Fix

  1. The first plugin annotates the request to store the path to the first plugin.
  2. The base plugin that needs to record the attempt stores it inside the first plugin.
  3. Change the data structure to be a BTree so storage doesn't increase with how many records there are.

djay commented 3 years ago

I think the change that is needed is to store the path of the original acl_users in the request so the base plugin knows where to store the failed attempt. Then adjust all the code that manages attempts to look at the local acl_users instead of the root one.

djay commented 2 years ago

Seems like it also might be taking up a lot of space with that storage if there are a lot of logins. So how it's stored might need to be changed too.
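
The following is an added example, not code from Products.LoginLockout or from the issue author, that illustrates the fix sketched in the comments above: the first acl_users to see a login annotates the request with its own path, the root ("base") plugin that records a failed attempt writes it into the store of the plugin named in that annotation, lockout state is read from the local acl_users, and the per-plugin store is a BTree rather than a structure that grows as one object. The PAS chain, the request object, the plugin class and the names `LoginLockoutPlugin`, `ATTEMPT_ORIGIN_KEY`, `authenticate` and `run_scenario` are hypothetical stand-ins so it runs without Zope; the users and sites are constructed.

```python
"""
Per-site store for failed login attempts, as sketched in this issue.

Added example, not code from Products.LoginLockout: the PAS chain, the
request object and the user directories are stand-ins so that it runs
without Zope. Names such as LoginLockoutPlugin, ATTEMPT_ORIGIN_KEY and
authenticate are hypothetical.
"""
from __future__ import annotations

import time
from dataclasses import dataclass, field

try:
    # Zope's persistent B-tree: a write touches one bucket, not the whole map.
    from BTrees.OOBTree import OOBTree
except ImportError:  # not installed outside Zope; a dict stands in here
    OOBTree = dict

# Annotation key under which the first acl_users that handled the request
# records its own path (hypothetical name).
ATTEMPT_ORIGIN_KEY = "Products.LoginLockout.origin"
MAX_ATTEMPTS = 3


@dataclass
class Request:
    """Minimal stand-in for a Zope request: login form data plus annotations."""
    login: str
    password: str
    annotations: dict = field(default_factory=dict)


class LoginLockoutPlugin:
    """One instance per acl_users folder: the Zope root and each Plone site."""

    def __init__(self, path: str, users: dict[str, str]):
        self.path = path            # e.g. "/acl_users" or "/Plone/acl_users"
        self._users = users         # constructed user directory: login -> password
        self._attempts = OOBTree()  # login -> (failed count, last attempt time)

    # Step 1: the first plugin to see the request records its own path.
    # setdefault() means plugins further up the chain do not overwrite it.
    def annotate_origin(self, request: Request) -> None:
        request.annotations.setdefault(ATTEMPT_ORIGIN_KEY, self.path)

    def check_password(self, login: str, password: str) -> bool:
        return login in self._users and self._users[login] == password

    def attempt_count(self, login: str) -> int:
        return self._attempts.get(login, (0, 0.0))[0]

    def is_locked(self, login: str) -> bool:
        return self.attempt_count(login) >= MAX_ATTEMPTS

    # Step 2: the plugin recording the failure writes it into the store of
    # the plugin named in the annotation (the local acl_users), not its own.
    def record_failure(self, request: Request, registry: dict) -> None:
        origin_path = request.annotations.get(ATTEMPT_ORIGIN_KEY, self.path)
        origin = registry[origin_path]
        count = origin.attempt_count(request.login)
        origin._attempts[request.login] = (count + 1, time.time())

    def reset(self, login: str) -> None:
        if login in self._attempts:
            del self._attempts[login]


def authenticate(request: Request, chain: list[LoginLockoutPlugin],
                 registry: dict[str, LoginLockoutPlugin]) -> bool:
    """Walk the acl_users chain from the site (first) to the Zope root (last)."""
    for plugin in chain:
        plugin.annotate_origin(request)  # only the first call takes effect
    # Lockout state lives in the local acl_users, so the same root account
    # can be locked on one site and still usable on another.
    local = registry[request.annotations[ATTEMPT_ORIGIN_KEY]]
    if local.is_locked(request.login):
        return False
    for plugin in chain:
        if plugin.check_password(request.login, request.password):
            local.reset(request.login)
            return True
    chain[-1].record_failure(request, registry)  # the root ("base") plugin
    return False


def run_scenario() -> dict:
    """Constructed scenario: three bad root-account logins made via SiteA."""
    root = LoginLockoutPlugin("/acl_users", {"admin": "root-pw"})
    site_a = LoginLockoutPlugin("/SiteA/acl_users", {"alice": "alice-pw"})
    site_b = LoginLockoutPlugin("/SiteB/acl_users", {})
    registry = {p.path: p for p in (root, site_a, site_b)}
    for _ in range(MAX_ATTEMPTS):
        authenticate(Request("admin", "guess"), [site_a, root], registry)
    return {
        "site_a_attempts": site_a.attempt_count("admin"),
        "site_b_attempts": site_b.attempt_count("admin"),
        "root_attempts": root.attempt_count("admin"),
        "admin_via_site_a": authenticate(Request("admin", "root-pw"), [site_a, root], registry),
        "admin_via_site_b": authenticate(Request("admin", "root-pw"), [site_b, root], registry),
        "alice_via_site_a": authenticate(Request("alice", "alice-pw"), [site_a, root], registry),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Running `run_scenario()` shows the disambiguation the issue asks for: the three failed `admin` attempts made through SiteA are counted in SiteA's acl_users only, `admin` is locked out there but still able to log in through SiteB, and the root acl_users holds no attempt records at all. The `BTrees` import is optional here only so the example runs outside Zope; in the real plugin the per-login store would be a persistent OOBTree so that each recorded attempt writes one bucket instead of re-pickling the whole mapping.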