Comment 2 for bug 968059

Why if upgrader can be called only once, what harm will do of someone
else will call upgrader, if you want to prevent from brute force you
should add this into login not upgrader. Better is to add limits of 3
fails, but this kind of thing is only added in very strong
authentications system like PIN in the bank. I don't think I ever see
login with captcha in it.

It can start session and save number of fail login into session and if
you want to login you need to have php session already enabled.

On Thu, 29 Mar 2012 09:07:20 -0000
rg1024 <email address hidden> wrote:

> This is not a bug.
> I added captcha to protect upgrader from force brute force attacks.
>
> ** Changed in: aikiframework
> Status: New => Invalid
>

--
Jakub Jankiewicz
twitter: @jcubic
www: http://jcubic.pl