One idea The third time the login fails, register the time for that user. When a login gets executed, if the last registered time for the given user is less than the time interval you want -> the login always fails.
The user must have something like: User : id || login | password | last_failure | number_failures Hope it helps, Pedro Salgado On 16/12/2003 15:55, "Ciaran Hanley" <[EMAIL PROTECTED]> wrote: > I'm writing a web application using JSP and Struts. I want to add a > security feature to my login page where if a user has three unsuccessful > logins they will be unable to log in for a certain period of time > afterwards. I can count the number of unsuccessful logins ok but how I'm > not sure how to give a timeout after 3 failures. Any ideas how I could > implement this? > > Thanks > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]