> It looks to me like there's a problem with web services, specifically the ones
> that allow logins. Basically, a username/password is sent to the service and it
> responds with data if the person is a valid user. What stops someone from using
> the web service again and again to test a un/pw until they get the right one?
> Maybe the answer is obvious and I don't see it.
How would you stop it in a normal web form?
> checking amount of attempts per IP - ip can be forged
You can't fake an IP and expect TCP/IP to work.
Jochem
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
