I've been asked to add a lock out "feature" to our website.
Basically after
x failed attempts in y amount of time the server will refuse all login
attempts for z amount of time.
I'd like to block both accounts (correct account name but incorrect
passwords), and IP's regardless of what account they try to access.
I figure I'll have to use some globals, but I'm just trying to
figure out
the best way to tackle the problem. I'm hoping someone else has
already
done this and can offer some suggestions.
Just to be safe I would store lockouts in the database in case the
server has to be restarted for some reason.
Regards,
- Aparajita
_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
