On Wed, Feb 11, 2009 at 10:46 AM, James Sherwood <jsherw...@rgisolutions.com> wrote: > Hello,
Hi! > Doesn't most dictionary style attacks create a new request each time > therefore creating a new ASO? Kind of like closing your browser and > reopening it each time? They are done by bots (programs), not people, so I guess you're right. > If not this is a much better idea than mine of delaying the IP. Your code was not delaying the IP, it was delaying the session. It's not the same. Implement it using an application-wide map <ip, login attempts> instead of relying on an ASO. This has another advantage: you don't create a session when you don't need to. -- Thiago --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org