Also considered issuing a redirect to a simple server that will delay the number of failed attempts seconds before redirecting back to the login page. Any smart attacker would get clued about this an not follow that redirect. Fun anyways, though. ;)
As I just said in the other email, you could use perlbal and not send the redirect directly to the client - but to your perlbal proxy, which then requests a delay from your stripped http server, which then sends the real response.
Carl _______________________________________________ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/