James Gardner


Preventing Password Attacks

Posted in OpenID, Python by thejimmyg on the July 26th, 2006

I was reading .net magazine today (which has an excellent article about Jon Hicks’ new redesign by the way) and they have an excellent comment about preventing randomly generated password attacks; simply add a sleep(3) command after each failed attempt so that the hacker has to wait 3 seconds before trying again. Update: The downside of this is that it would be easy to launch a denial of service attack which quickly exhausts any thread pool.

Of course, they might just make lots of separate connections to the site so that each connection can try a different password whilst the others are waiting, but this too can be prevented if your authorisation supports account locking for a few seconds so that all attempts have to wait. Expect to see this new feature added to Pylons AuthKit soon.
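One way to get the account-locking behaviour described above without holding a request thread in sleep(3), as an added example that is not part of the original post and is not AuthKit code. The LoginThrottle class, the USERS store and check_password are hypothetical names, and the credentials and clock are constructed for the demo:

```python
import hmac
import threading
import time

# Constructed demo credentials; a real application verifies against a password hash.
USERS = {"alice": "correct horse"}


def check_password(username, password):
    expected = USERS.get(username)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())


class LoginThrottle:
    """Lock an account for a few seconds after a failed login, without sleeping."""

    def __init__(self, lock_seconds=3.0, clock=time.monotonic):
        self.lock_seconds = lock_seconds
        self._clock = clock
        self._locked_until = {}  # username -> time at which the lock expires
        self._mutex = threading.Lock()

    def attempt(self, username, password):
        """Return 'ok', 'denied' or 'locked'; never blocks the request thread."""
        with self._mutex:
            now = self._clock()
            if self._locked_until.get(username, 0.0) > now:
                return "locked"  # rejected at once, the password is not checked
            # Reserve the lock before verifying, so parallel connections trying
            # the same account cannot all get a guess in at the same moment.
            self._locked_until[username] = now + self.lock_seconds
        if check_password(username, password):
            with self._mutex:
                self._locked_until.pop(username, None)
            return "ok"
        return "denied"


def demo():
    fake_now = [0.0]  # constructed clock so the example runs instantly
    throttle = LoginThrottle(lock_seconds=3.0, clock=lambda: fake_now[0])
    results = [throttle.attempt("alice", "guess1"),         # denied, lock starts
               throttle.attempt("alice", "correct horse")]  # locked, even if right
    fake_now[0] = 3.5                                       # lock has expired
    results.append(throttle.attempt("alice", "correct horse"))
    return results


if __name__ == "__main__":
    print(demo())
```

Because a locked attempt returns immediately, the thread goes straight back to the pool, and the lock is keyed on the account rather than the connection, so opening more connections does not buy more guesses.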

QuickWiki Tutorial

Posted in Pylons, Python, Web by thejimmyg on the July 23rd, 2006

I’ve written and released a complete tutorial on how to create a working wiki using Pylons and SQLAlchemy. The tutorial assumes you’ve read the installation and getting started guides and takes you all the way from defining the model, adding the templates and coding the forms to adding AJAX capabilities to delete pages by dragging them to a trash area.

http://dev.pylonshq.com/docs/0.9/quick_wiki.html