iamchenxin Does this make a security risk? It seems too conveient for a robot to brute force password. where to shut off it ? BTW: I want to make a plugin to block error login by failed login count. Please give me some clue, Should i begin with DokuWiki_Auth_Plugin ? Are all the password check is passed to the Auth Plugin ?
andi iamchenxin wrote Does this make a security risk? It seems too conveient for a robot to brute force password. there's absolutely no difference in difficulty between post and get for a bot.
iamchenxin Thanks. But it confused me. When i enable plugin:captcha , The login summit by form has an additional text to keep robot out. But i can still simply login with GET[?u=user&p=password] and if i want to make a plugin to block error login by failed login count . Is best choice DokuWiki_Auth_Plugin ?