My initial reaction to this was "cool idea!", but then I thought about the implications to valid users. A spammer would essentially be able to lock out valid users - a DOS attack.
I can see use cases where this could be a good feature, but I wouldn't want this feature enabled by default, and I would want some warning in the documentation so that users didn't enable it blindly. Just my thoughts. Peter -----Original Message----- From: Daniel Miller [mailto:dmil...@amfes.com] Sent: Tuesday, June 27, 2017 2:10 PM To: ASSP development mailing list <assp-test@lists.sourceforge.net> Subject: Re: [Assp-test] Possible feature requests My intended function is to specifically block IP's with invalid auths. So users with properly configured clients will never see an issue. Daniel On 6/27/2017 1:07 PM, Robert K Coffman Jr. -Info From Data Corp. wrote: > A big problem with that is it would cause a DOS for the username if it > is valid. > > - Bob > > On 6/27/2017 3:21 PM, Daniel Miller wrote: >> I'm suggesting having settings MaxAUTHErrorsAllIPs (number of bad >> logins for a given user across ALL IP's) > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
