mechanism of maybe storing ip addresses, (though
a malicious user could spoof these).
regards
Ajay
From: "Janusz Dziadon" <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, December 16, 2003 11:24 PM
Subject: Re: Login Security
> Several organizations expose the same IP address for most or all users. You'd be
> blocking entire organizations because of one bad login.
>
> --- Janusz_Dziadoń <[EMAIL PROTECTED]> wrote:
> > I thi
You could apply what I described by defining the key as username+"@"+ip
Good idea!
-Original Message-
From: Janusz Dziadon [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 4:20 PM
To: Struts Users Mailing List
Subject: Re: Login Security
I think, that you shoul
;[EMAIL PROTECTED]>
> To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> Sent: Tuesday, December 16, 2003 10:46 PM
> Subject: RE: Login Security
>
>
> > Do a HashMap in the action:
> >
> > Key is username
> > Value is Integer or Date
>
kom, Jacob" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, December 16, 2003 10:46 PM
Subject: RE: Login Security
> Do a HashMap in the action:
>
> Key is username
> Value is Integer or Date
>
> If ((value =
Does that sound ok?
>
> Ciaran
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: 16 December 2003 20:46
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: Login Security
>
> Avoid the cookie solution, it's too e
Btw, remember to flush the map for that username when they are able to log in
successfully.
-Original Message-
From: Hookom, Jacob [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 3:46 PM
To: Struts Users Mailing List
Subject: RE: Login Security
Do a HashMap in the action:
Key
: Tuesday, December 16, 2003 3:43 PM
To: 'Struts Users Mailing List'
Subject: RE: Login Security
I am storing the username and password in a table in a mySql database.
I think I will just add a field "last_failure" to the user table... and
after 3 unsuccessful attempts I wil
OTECTED]
Subject: RE: Login Security
Avoid the cookie solution, it's too easy for the user to bypass your
security measures and as mentioned below, this solution won't work if
the browser has disabled cookies.
Don't block IP addresses because they can be easily spoofed and
redirected
ssage-
From: Ciaran Hanley [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: Login Security
I'm writing a web application using JSP and Struts. I want to add a
security feature to my login page where if a user has three unsuccessful
logins th
One idea
The third time the login fails, register the time for that user.
When a login gets executed, if the last registered time for the given user
is less than the time interval you want -> the login always fails.
The user must have something like:
User : id || login | password | la
I'm writing a web application using JSP and Struts. I want to add a
security feature to my login page where if a user has three unsuccessful
logins they will be unable to log in for a certain period of time
afterwards. I can count the number of unsuccessful logins ok but I'm
not sure how to giv