Re: best way to limit # of attempts to login to protected page?
This WebDNA talk-list message is from 2000
numero = 35437
I pass the counter value as a formvariable, i.e., when I check for the username and password, and if it is wrong, I redirect them to the login page via auto form submit. I think the formvariable overrides the value passed through the URL, I'm not sure, you have a good point there, I will have to go back and do a test on that,

anup

> but then how do you keep people from simply coming in via a manipulated URL
> w/formvars set the way they want them - and thus getting around that kind of guard?
>
> Anup Setty wrote:
>
> > The way I do it is, pass a variable(counter) and each time increment it,
> > when it gets to a certain value, then you know what to do...
> >
> >
> > From: John Butler
> > Subject: best way to limit # of attempts to login to protected page?
> >
> > > If I want to restrict the number of times someone can attempt to login
> > > to a protected page, what is the best way?
> > >
> > > ...update a db field (with an incrementally counting number: +1 for
> > > every attempt) in a record whose key field is their IPADDRESS? And when
> > > it hits the threshold # then disallow that IP from trying again? Then
> > > use a trigger to delete records older than (24) hours...
> > >
> > > ?
>
> -------------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to
> Web Archive of this list is at: http://search.smithmicro.com/
Anup Setty
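
The server-side counter that John Butler's question describes, sketched in Python with SQLite rather than WebDNA (an added example, not code from the thread). The table and function names, the threshold of 5 and the `check_credentials` callback are assumptions; `client_counter` stands for the form-variable counter discussed in the replies and is deliberately ignored, since the requester controls its value.

```python
import sqlite3
import time

MAX_ATTEMPTS = 5            # assumed threshold; the thread does not name a number
WINDOW_SECONDS = 24 * 3600  # the 24-hour expiry proposed in the question


def open_store(path=":memory:"):
    """Create the server-side table: one row per failed attempt, keyed by IP."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS failed_logins "
               "(ip TEXT NOT NULL, ts REAL NOT NULL)")
    db.execute("CREATE INDEX IF NOT EXISTS idx_failed_ip ON failed_logins (ip, ts)")
    return db


def is_locked_out(db, ip, now=None):
    """True when this IP has reached the threshold within the window."""
    now = time.time() if now is None else now
    # Purge expired rows (stands in for the scheduled trigger in the question).
    db.execute("DELETE FROM failed_logins WHERE ts <= ?", (now - WINDOW_SECONDS,))
    (count,) = db.execute(
        "SELECT COUNT(*) FROM failed_logins WHERE ip = ?", (ip,)).fetchone()
    return count >= MAX_ATTEMPTS


def attempt_login(db, ip, username, password, check_credentials,
                  client_counter=None, now=None):
    """Return 'locked', 'ok' or 'denied'.

    client_counter is accepted only to show that it is never consulted:
    the decision rests on rows the server wrote, not on request data.
    """
    now = time.time() if now is None else now
    if is_locked_out(db, ip, now):
        return "locked"          # refuse before even checking the password
    if check_credentials(username, password):
        return "ok"
    db.execute("INSERT INTO failed_logins (ip, ts) VALUES (?, ?)", (ip, now))
    db.commit()
    return "denied"
```

Keying on the IP address, as the question proposes, also locks out every user who shares that address behind a proxy or NAT gateway.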