Re: best way to limit # of attempts to login to protected page?

This WebDNA talk-list message is from

2000

It keeps the original formatting. numero = 35446
interpreted = N
texte = You mean to say if someone fails, say in 3 attempts to login, you would wantthem toget a new password and/or username? In that case you can do the number checkas wellas the IPAddress, or you can limit 3 attempts in a day/IPaddress, etc..I really don't know any other way to do this.anup> I also am not sure, but assume like you that a formvar overrides anURL-passed value.> but even if so, then the would-be-hacker could simply view source code,see the> incrementing formvar, and realize he could simply load the login form pagefresh to> reset the counter...>> Anup Setty wrote:>> > I pass the counter value as a formvariable, i.e., when I check for the> > username and password,> > and if it is wrong, I redirect them to the login page via auto formsubmit.> > I think the formvariable> > overrides the value passed through the URL, I'm not sure, you have agood> > point there, I will have> > to go back and do a test on that,> >> > anup>>> -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to> Web Archive of this list is at: http://search.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

Re: best way to limit # of attempts to login to protected page? (Anup Setty 2000)
Re: best way to limit # of attempts to login to protected page? (John Butler 2000)
Re: best way to limit # of attempts to login to protected page? (Anup Setty 2000)
Re: best way to limit # of attempts to login to protected page? (John Butler 2000)
Re: best way to limit # of attempts to login to protected page? (Anup Setty 2000)
Re: best way to limit # of attempts to login to protected page? (James Howarth 2000)
best way to limit # of attempts to login to protected page? (John Butler 2000)

You mean to say if someone fails, say in 3 attempts to login, you would wantthem toget a new password and/or username? In that case you can do the number checkas wellas the IPAddress, or you can limit 3 attempts in a day/IPaddress, etc..I really don't know any other way to do this.anup> I also am not sure, but assume like you that a formvar overrides anURL-passed value.> but even if so, then the would-be-hacker could simply view source code,see the> incrementing formvar, and realize he could simply load the login form pagefresh to> reset the counter...>> Anup Setty wrote:>> > I pass the counter value as a formvariable, i.e., when I check for the> > username and password,> > and if it is wrong, I redirect them to the login page via auto formsubmit.> > I think the formvariable> > overrides the value passed through the URL, I'm not sure, you have agood> > point there, I will have> > to go back and do a test on that,> >> > anup>>> -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to> Web Archive of this list is at: http://search.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Anup Setty

DOWNLOAD WEBDNA NOW!

Re: best way to limit # of attempts to login to protected page?

2000

Top Articles:

Related Readings: