Joe Buck
Apr 3, 2014, 1:13:41 AM4/3/14
to web...@googlegroups.com
Hello web2py-users,
I'm using web2py 2.7.4-stable+timestamp.2013.10.14.15.16.29 installed via the TurnkeyLinux distro(mod_wsgi).
When I try to authenticate in the admin app over https using a wrong password more than 5 times, I am able to log in on the 6th attempt using the correct password without the 1 hour wait.
After the 5th attempt, my ip address is visible in hosts.deny log. It is removed after the 6th attempt with correct password entered.
All of the session flashes are accurate.
I'm new to web2pp and probably have overlooked a setting or I do not understand the intended behavior.
Is there a way to make sure admin is actually disabled after failed authentication attempts?
Thank you,
Joe Buck
Reply all
Reply to author
Forward
0 new messages