This kind of goes along with some emails I've seen about Captcha support. Is there any way people using Roller out there are securing their site from someone running a password cracker against the login page? Is there a simple way to only allow login access via IP address? As a somewhat lame stopgap measure has anyone tried putting in BASIC authentication into the web.xml to force a second username/password to reach the login page? <auth-method>BASIC</auth-method> Other suggestions? Just curious of what options might be available to try and lock down the login. Thanks, Justin
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
