Re: best way to limit # of attempts to login to protected page?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 35437
interpreted = N
texte = I pass the counter value as a formvariable, i.e., when I check for the username and password, and if it is wrong, I redirect them to the login page via auto form submit. I think the formvariable overrides the value passed through the URL, I'm not sure, you have a good point there, I will have to go back and do a test on that,anup> but then how do you keep people from simply coming in via a manipulated URL w/formvars > set the way they want them - and thus getting around that kind of guard? > > Anup Setty wrote: > > > The way I do it is, pass a variable(counter) and each time increment it, > > when it > > gets to a certain value, then you know what to do... > > > > > > From: John Butler > > Subject: best way to limit # of attempts to login to protected page? > > > > > If I want to restrict the number of times someone can attempt to login > > > to a protected page, what is the best way? > > > > > > ...update a db field (with an incrementally counting number: +1 for > > > every attempt) in a record whose key field is their IPADDRESS? And when > > > it hits the threshhold # then disallow that IP from trying again? Then > > > use a trigger to delete records older than (24) hours... > > > > > > ? > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://search.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: best way to limit # of attempts to login to protected page? (Anup Setty 2000)
  2. Re: best way to limit # of attempts to login to protected page? (John Butler 2000)
  3. Re: best way to limit # of attempts to login to protected page? (Anup Setty 2000)
  4. Re: best way to limit # of attempts to login to protected page? (John Butler 2000)
  5. Re: best way to limit # of attempts to login to protected page? (Anup Setty 2000)
  6. Re: best way to limit # of attempts to login to protected page? (James Howarth 2000)
  7. best way to limit # of attempts to login to protected page? (John Butler 2000)
I pass the counter value as a formvariable, i.e., when I check for the username and password, and if it is wrong, I redirect them to the login page via auto form submit. I think the formvariable overrides the value passed through the URL, I'm not sure, you have a good point there, I will have to go back and do a test on that,anup> but then how do you keep people from simply coming in via a manipulated URL w/formvars > set the way they want them - and thus getting around that kind of guard? > > Anup Setty wrote: > > > The way I do it is, pass a variable(counter) and each time increment it, > > when it > > gets to a certain value, then you know what to do... > > > > > > From: John Butler > > Subject: best way to limit # of attempts to login to protected page? > > > > > If I want to restrict the number of times someone can attempt to login > > > to a protected page, what is the best way? > > > > > > ...update a db field (with an incrementally counting number: +1 for > > > every attempt) in a record whose key field is their IPADDRESS? And when > > > it hits the threshhold # then disallow that IP from trying again? Then > > > use a trigger to delete records older than (24) hours... > > > > > > ? > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://search.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Anup Setty

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Credit Card not accepted (1998) WebCat2 - [format thousands] (1997) Location of Browser Info.txt file (1997) Emailer (WebCat2) (1997) OT: Need some feedback, please. (2003) webcat2b12 CGI -- Date comparisons (1997) protect tag not working (1998) Ampersand (1997) webdna preferences (2005) Enhancement Request for WebCatalog-NT (1996) Alternating colors (1997) OT (sort of) WAP/WML and 'form' posts (2003) EIMS & emailer conflicts? (1999) japanese characters (1997) WC TableGrinder (1997) taxTotal, grandTotal (1997) [AppendFile] problem (WebCat2b13 Mac .acgi) (1997) New random discoveries? (2005) Search for specific characters in a string (2005) Hosts who have upgraded to v5.0? (2003)