On Tue, Oct 27, 2015 at 8:19 PM, Kent Fredric <[email protected]> wrote:
> On 28 October 2015 at 06:26, shawn wilson <[email protected]> wrote:
>> time*tries*exp is probably more like what you want, and do it before
>> you print the error, but yeah
>
> Just make sure the backoff can't be exploited by malicious users to
> lock out legitimate users by bombing the login system with failed
> attempts.

Well kinda... Always make sure admins are allowed in somehow (but more secure - locked IP, 2FA, w/e).

If someone has a botnet and tries this to DoS your system, each user they DoS should get notification they need to reset their password. However, generally you'll see one source hitting a server w/ tons of requests and you ban that IP, one or two users get the pass reset notification and it's done.
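The points raised in this exchange, sketched as an added example that is not code from the thread or from any poster: the delay is keyed on the (source IP, account) pair so failures from one source do not slow the same account elsewhere, a noisy source is banned, and the account owner is flagged for a password-reset notice once. The thresholds, the doubling formula, the sub names and the sample addresses are all assumptions, and the separate admin path mentioned above is not modelled.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed policy values (assumptions, not from the thread).
my ($BASE, $CAP, $BAN_AT, $NOTIFY_AT) = (1, 300, 20, 5);

my (%by_pair, %by_ip, %by_user, %notified);   # in-memory state for the demo

# Delay is keyed on (ip, user): failures from one source never slow
# the same account when it logs in from a different source.
sub delay_for {
    my ($ip, $user) = @_;
    my $n = $by_pair{"$ip|$user"} // 0;
    return 0 unless $n;
    my $d = $BASE * 2 ** ($n - 1);            # doubles per failure
    return $d > $CAP ? $CAP : $d;             # capped so it never grows unbounded
}

# A source is banned once its total failures reach the threshold.
sub banned { return ($by_ip{ $_[0] } // 0) >= $BAN_AT }

# Record a failed attempt; returns true when the account owner should
# be told to reset their password (at most once per account).
sub record_failure {
    my ($ip, $user) = @_;
    $by_pair{"$ip|$user"}++;
    $by_ip{$ip}++;
    $by_user{$user}++;
    return 0 if $by_user{$user} < $NOTIFY_AT || $notified{$user}++;
    return 1;
}

# A successful login clears the delay for that (ip, user) pair only.
sub record_success { my ($ip, $user) = @_; delete $by_pair{"$ip|$user"}; return }

# Constructed traffic: one source repeatedly failing against account "alice".
my $source = '203.0.113.7';
for my $try (1 .. 25) {
    last if banned($source);
    printf "try %2d: wait %3ds before answering\n", $try, delay_for($source, 'alice');
    print  "        -> send alice a password-reset notice\n"
        if record_failure($source, 'alice');
}
printf "source banned: %s\n", banned($source) ? 'yes' : 'no';
printf "alice from 198.51.100.4 waits %ds\n", delay_for('198.51.100.4', 'alice');
```

In a real service the counters would live in shared storage with expiry rather than in process memory, and the wait would be applied before the error is printed, as the quoted message suggests.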
