On Fri, 7 Apr 2000, Mark Imbriaco wrote: |That opens up a nasty Denial of Service attack though. All I have to do |is try to log into the "gunther" account three times in rapid succession |with a bogus password, and WHAM, the real Gunther is locked out. Granted, |it's possible to work around this, but the best way is probably going to |be cookie based like Vivek suggested. Obviously, you want to count attempts PER IP addresses.
- THREE STRIKES... Gram, Jim
- Re: THREE STRIKES... Vivek Khera
- Re: THREE STRIKES... Gunther Birznieks
- Re: THREE STRIKES... Mark Imbriaco
- Re: THREE STRIKES... Gunther Birznieks
- Re: THREE STRIKES... Mark Imbriaco
- Re: THREE STRIKES... Gunther Birznieks
- Re: THREE STRIKES... Nicolas MONNET
- Re: THREE STRIKES... Mark Imbriaco
- Re: THREE STRIKES... Nicolas MONNET
- Re: THREE STRIKES... Gunther Birznieks
- Re: THREE STRIKES... Ask Bjoern Hansen
- Re: THREE STRIKES... Nicolas MONNET
- Re: THREE STRIKES... Jeffrey W. Baker
- Re: THREE STRIKES... Vivek Khera
- Re: THREE STRIKES... Ken Williams
- Re: THREE STRIKES... Eric L. Brine
- Re: THREE STRIKES... Ken Williams
