chat.freenode.net #tryton log beginning Thu May 2 00:00:03 CEST 2013 | ||
Pilou | cedk: about the LoginAttempt feature. This feature doesn't prevent brute force attacks (it blocks brute force attacks which use Tryton client or proteus ;). Sample bash script: http://pastebin.com/SmzKXKuv | 12:00 |
---|---|---|
cedk | Pilou: yes | 12:06 |
cedk | Pilou: it blocks brute force attacks using any tools | 12:07 |
Pilou | bash isn't a tool ;) ? | 12:07 |
cedk | Pilou: did not yet read because pastebin is so slow | 12:09 |
Pilou | http://pastebin.ca/2371472 | 12:09 |
cedk | Pilou: yes the sleep must be done in all cases | 12:13 |
Pilou | Would you allow the addition of an option (disabled by default) which disable LoginAttempt behavior ? | 12:21 |
cedk | Pilou: no | 12:21 |
cedk | Pilou: I will always be by default against any new option | 12:21 |
lids | imho it's not tryton's job to handle such an issue | 12:22 |
lids | user acount will get locked too easily if the sleep is triggered before the login | 12:23 |
lids | so you will add login attempts by ip.. fail2ban does that better | 12:24 |
cedk | lids: I doubt fail2ban manage Tryton protocol | 12:24 |
lids | it's a matter of writing a regexp that match login's failure, it's really easy | 12:25 |
cedk | lids: for me, it is plenty tha job of trytond to secure the login | 12:28 |
lids | of course, but we have to do it the right way.. as openssh let's third parties software handle this case, i think we can do the same with tryton | 12:41 |
cedk | lids: still no valid reason | 12:44 |
plantian | If I want to deactivate a product, should I deactivate the product.product and then the product.template or do I just need to do one of them? | 21:24 |
cedk | plantian: if you do only on product the template will still be available | 22:37 |
plantian | cedk: okay, is it likely that deactivating the template of a product unsets the code when viewing the product? Like when I view the inactive product. | 22:44 |
cedk | plantian: don't understand | 22:47 |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!