On Thursday, May 10, 2007, 17:32:18, Stephan wrote: > In Imail 8.x there was an admin setting to lock accounts after x > failed logins. It's not an option in 2006 as far as I know, which I > think is a major security problem. With a failed login lockout (with a > timeout for the lockout) hack attemps like this should be a non issue imo.
Locking user accounts leads to a denial of service for the unfortunate holders of those accounts. It really needs to be a IP address lockout. -- [EMAIL PROTECTED] "The avalanche has already started, it is too Rod Dorman late for the pebbles to vote." - Ambassador Kosh To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
