Hi All, Currently We are working on $subject.
When user tries to login using invalid credential until reach the maximum attempts count, we lock the account for some specific time. After the time, we allow to user to try again and it will be locked again after user tries to login using invalid credential for the maximum attempts. Now we are going to increase the lock time than the previous time. This ratio would be a configurable value. As an another improvement when a registered user tries to login to the system without email confirmation, inform him verification is pending and give the ability to resend the confirmation code to the registered email address. Your comments and suggestions are highly appreciated. thanks *Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **[email protected]* <[email protected]>* cell: +94 71 5186770 * *twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* *harshathirimannlinked-in: **http: <http://lk.linkedin.com/in/afkhamazeez>**//www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 <http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122>* *Lean . Enterprise . Middleware*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
