| chat.freenode.net #tryton log beginning Thu May 2 00:00:03 CEST 2013 | ||
| 2013-05-02 12:00 <Pilou> cedk: about the LoginAttempt feature. This feature doesn't prevent brute force attacks (it blocks brute force attacks which use Tryton client or proteus ;). Sample bash script: http://pastebin.com/SmzKXKuv | ||
| 2013-05-02 12:06 <cedk> Pilou: yes | ||
| 2013-05-02 12:07 <cedk> Pilou: it blocks brute force attacks using any tools | ||
| 2013-05-02 12:07 <Pilou> bash isn't a tool ;) ? | ||
| 2013-05-02 12:09 <cedk> Pilou: did not yet read because pastebin is so slow | ||
| 2013-05-02 12:09 <Pilou> http://pastebin.ca/2371472 | ||
| 2013-05-02 12:13 <cedk> Pilou: yes the sleep must be done in all cases | ||
| 2013-05-02 12:21 <Pilou> Would you allow the addition of an option (disabled by default) which disable LoginAttempt behavior ? | ||
| 2013-05-02 12:21 <cedk> Pilou: no | ||
| 2013-05-02 12:21 <cedk> Pilou: I will always be by default against any new option | ||
| 2013-05-02 12:22 <lids> imho it's not tryton's job to handle such an issue | ||
| 2013-05-02 12:23 <lids> user acount will get locked too easily if the sleep is triggered before the login | ||
| 2013-05-02 12:24 <lids> so you will add login attempts by ip.. fail2ban does that better | ||
| 2013-05-02 12:24 <cedk> lids: I doubt fail2ban manage Tryton protocol | ||
| 2013-05-02 12:25 <lids> it's a matter of writing a regexp that match login's failure, it's really easy | ||
| 2013-05-02 12:28 <cedk> lids: for me, it is plenty tha job of trytond to secure the login | ||
| 2013-05-02 12:41 <lids> of course, but we have to do it the right way.. as openssh let's third parties software handle this case, i think we can do the same with tryton | ||
| 2013-05-02 12:44 <cedk> lids: still no valid reason | ||
| 2013-05-02 21:24 <plantian> If I want to deactivate a product, should I deactivate the product.product and then the product.template or do I just need to do one of them? | ||
| 2013-05-02 22:37 <cedk> plantian: if you do only on product the template will still be available | ||
| 2013-05-02 22:44 <plantian> cedk: okay, is it likely that deactivating the template of a product unsets the code when viewing the product? Like when I view the inactive product. | ||
| 2013-05-02 22:47 <cedk> plantian: don't understand |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!