On Tue, Oct 27, 2015 at 8:19 PM, Kent Fredric <kentfred...@gmail.com> wrote:
> On 28 October 2015 at 06:26, shawn wilson <ag4ve...@gmail.com> wrote:
>> time*tries*exp is probably more like what you want, and do it before
>> you print the error, but yeah
>
> Just make sure the backoff can't be exploited by malicious users to
> lock out legitimate users by bombing the login system with failed
> attempts.
>
Well kinda... Always make sure admins are allowed in somehow (but more secure - locked IP, 2FA, w/e).

If someone has a botnet and tries this to DoS your system, each user they DoS should get notification they need to reset their password. However, generally you'll see one source hitting a server w/ tons of requests and you ban that IP, one or two users get the pass reset notification and it's done.
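
An added example, not code from this thread: a throttle that keys the growing delay and the ban on the source IP, while the per-account counter only triggers a reset notification and never locks the account. The thresholds, the doubling schedule, the in-memory hashes and the `notify_reset` stand-in are assumptions made for illustration.

```perl
use strict;
use warnings;

# Assumed policy values (not from the thread).
my ($BASE, $CAP, $BAN_AT, $NOTIFY_AT) = (1, 60, 20, 5);

# In-memory state for the sketch; a real service would use shared storage.
my (%by_ip, %by_user, %banned, %notified);

# Record a failed login and return the delay (seconds) the caller should
# sleep *before* printing the error, as suggested in the thread.
sub record_failure {
    my ($ip, $user) = @_;
    my $tries = ++$by_ip{$ip};
    $banned{$ip} = 1 if $tries >= $BAN_AT;      # ban the source, not the account

    # The per-account counter only notifies; it never blocks the user.
    if (++$by_user{$user} >= $NOTIFY_AT && !$notified{$user}++) {
        notify_reset($user);
    }

    my $delay = $BASE * 2 ** ($tries - 1);      # doubling schedule (assumption)
    return $delay > $CAP ? $CAP : $delay;       # cap so the delay stays bounded
}

# A successful login clears the counters for that source and account.
sub record_success {
    my ($ip, $user) = @_;
    delete $by_ip{$ip};
    delete $by_user{$user};
    delete $notified{$user};
}

sub is_banned { return exists $banned{ $_[0] } }

# Stand-in for sending the "reset your password" message.
sub notify_reset { print "notify $_[0]: password reset required\n" }

# Constructed traffic: one source hammers 'alice', then we check her own IP.
my ($noisy, $home) = ('203.0.113.9', '198.51.100.7');
for my $n (1 .. 22) {
    if (is_banned($noisy)) { print "attempt $n from $noisy: source banned\n"; next }
    printf "attempt %2d from %s: delay %2ds\n", $n, $noisy, record_failure($noisy, 'alice');
}
printf "%s banned: %s\n", $noisy, is_banned($noisy) ? 'yes' : 'no';
printf "%s (alice's own IP) banned: %s\n", $home, is_banned($home) ? 'yes' : 'no';
```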