One idea
The third time the login fails, register the time for that user.
When a login gets executed, if the last registered time for the given user
is less than the time interval you want - the login always fails.
The user must have something like:
User : id || login | password |
You could put a cookie on the user's machine that expires after a certain
period of time. Of course this only works when cookies are turned on and
an experienced user could always manually remove their cookie.
Another solution maybe is to get the user's IP address from the request
Header and
, December 16, 2003 9:09 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Login Security
You could put a cookie on the user's machine that expires after a certain
period of time. Of course this only works when cookies are turned on and
an experienced user could always manually remove
: Tuesday, December 16, 2003 3:43 PM
To: 'Struts Users Mailing List'
Subject: RE: Login Security
I am storing the username and password in a table in a mySql database.
I think I will just add a field last_failure to the user table... and
after 3 unsuccessful attempts I will record the time
Btw, remember to flush the map for that username when they are able to login
successfully.
-Original Message-
From: Hookom, Jacob [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 3:46 PM
To: Struts Users Mailing List
Subject: RE: Login Security
Do a HashMap in the action:
Key
:[EMAIL PROTECTED]
Sent: 16 December 2003 20:46
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Login Security
Avoid the cookie solution, it's too easy for the user to bypass your
security measures and as mentioned below, this solution won't work if
the browser has disabled cookies
[EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 10:46 PM
Subject: RE: Login Security
Do a HashMap in the action:
Key is username
Value is Integer or Date
if ((value = map.get(key)) != null)
{
    if (value instanceof Date)
    {
        // compare timeout
10:46 PM
Subject: RE: Login Security
Do a HashMap in the action:
Key is username
Value is Integer or Date
if ((value = map.get(key)) != null)
{
    if (value instanceof Date)
    {
        // compare timeout dates
    }
    else if (value instanceof Integer)
    {
        if (value == 3)
        {
            map.put
You could apply what I described by defining the key as username+@+ip
Good idea!
-Original Message-
From: Janusz Dziadon [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 4:20 PM
To: Struts Users Mailing List
Subject: Re: Login Security
I think that you should register
: Tuesday, December 16, 2003 10:46 PM
Subject: RE: Login Security
Do a HashMap in the action:
Key is username
Value is Integer or Date
if ((value = map.get(key)) != null)
{
    if (value instanceof Date)
    {
        // compare timeout dates
    }
    else if (value instanceof
of maybe storing ip addresses, (though
a malicious user could spoof these).
regards
Ajay
From: Janusz Dziadon [EMAIL PROTECTED]
Reply-To: Struts Users Mailing List [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Subject: Re: Login Security
Date: Tue, 16 Dec 2003 23:43:41 +0100
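
The server-side approach discussed in this thread (a map keyed by username+@+ip, a recorded time on the third failure, and a flush on successful login), written out as an added example that is not code from any of the posters. The class name LoginThrottle, the 15-minute interval, and the sample user, address and timestamps are assumptions; it needs Java 16 or later for the record type.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class LoginThrottle {
    // failures: consecutive failed logins; lockedAt: time of the failure that hit the limit, else null
    private record Entry(int failures, Instant lockedAt) {}

    private final Map<String, Entry> attempts = new ConcurrentHashMap<>();
    private final int maxFailures;
    private final Duration lockout;

    public LoginThrottle(int maxFailures, Duration lockout) {
        this.maxFailures = maxFailures;
        this.lockout = lockout;
    }

    // Returns true only if the login is currently allowed and the password was correct.
    public boolean attempt(String user, String ip, boolean passwordOk, Instant now) {
        String key = user + "@" + ip;               // key suggested in the thread
        Entry e = attempts.get(key);
        if (e != null && e.lockedAt() != null) {
            if (now.isBefore(e.lockedAt().plus(lockout))) return false; // locked: always fails
            attempts.remove(key);                   // interval over, start counting again
        }
        if (passwordOk) {
            attempts.remove(key);                   // flush the entry on successful login
            return true;
        }
        attempts.merge(key, new Entry(1, maxFailures <= 1 ? now : null), (old, first) -> {
            int n = old.failures() + 1;
            return new Entry(n, n >= maxFailures ? now : null);
        });
        return false;
    }

    public static void main(String[] args) {
        LoginThrottle t = new LoginThrottle(3, Duration.ofMinutes(15));
        Instant t0 = Instant.parse("2003-12-16T20:46:00Z");   // constructed sample data
        for (int i = 0; i < 3; i++) t.attempt("alice", "192.0.2.10", false, t0.plusSeconds(i));
        System.out.println("correct password during lockout: "
            + t.attempt("alice", "192.0.2.10", true, t0.plusSeconds(60)));
        System.out.println("correct password after lockout:  "
            + t.attempt("alice", "192.0.2.10", true, t0.plus(Duration.ofMinutes(16))));
    }
}
```

The map lives in memory only, so entries are lost on restart and are not shared between application instances; the last_failure column proposed in the thread avoids both.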