On Fri, Feb 10, 2006 at 11:01:18AM -0800, Daniel M. wrote: > Has anyone written a captcha module to "enhance" login > security? That was discussed briefly but nobody seemed too excited about it, or at least not excited enough to write it. Personally I don't like them, and wish there were a non-offensive way of asking "are you a real person and not a machine?" With the IP restrictions (limit to how many accounts per day from 1 IP) and the confirmation email, I haven't noticed Scoop having a scripted account creation attack vulnerability. All its problems seem to be from real people who go out of their way to switch IPs to create multiple accounts. > How about the max_login_attempts deal? > > I use that on my site and it works quite well. I just checked the bug muncher and that bug (113) has a patch - which was never flagged for review so I didn't see it. I use bugzilla's search feature to look for that flag to find patches to test - and I'm not looking through every bug individually to see if somebody forgot to set the flag. I wasn't ignoring you, honest :-) > One enhancement I would love to see in Scoop is to > divide the boxes and blocks into categories instead of > getting one "master" list. Blocks are already split into categories; this has been in for quite a while now. Boxes haven't yet, but it's been discussed now that the number of boxes is getting quite high. -janra