Håkan Johansson wrote:
On Jan 13, 2006, at 00:32, Dennis Allison wrote:
A more usual solution to this issue is to insert a delay after the third
and subsequent failures. You, of course, need a policy for removing the
delay (successful login or N minutes following the last attempt).
Håkan Johansson wrote:
I want to be able to block a user from logging in if he fails to give
the right login/password three times in a row.
You're aware that this allows anyone to trivially DoS your users, right?
If you take the precaution of matching with the IP, it still will harm
people
A more usual solution to this issue is to insert a delay after the third
and subsequent failures. You, of course, need a policy for removing the
delay (successful login or N minutes following the last attempt).
On Fri, 13 Jan 2006, Florent Guillaume wrote:
Håkan Johansson wrote:
I want to
On Jan 13, 2006, at 00:24, Florent Guillaume wrote:
Håkan Johansson wrote:
I want to be able to block a user from logging in if he fails to give
the right login/password three times in a row.
You're aware that this allows anyone to trivially DoS your users,
right?
If you take the
On Jan 13, 2006, at 00:32, Dennis Allison wrote:
A more usual solution to this issue is to insert a delay after the
third
and subsequent failures. You, of course, need a policy for removing
the
delay (successful login or N minutes following the last attempt).
Yes, I have been
