the only other thing I would add is a counter of bad log in attempts. if 5 attempts failed, I would lock out the account for a minute. If more than 20 attempts, I lock it out until I reset it.
I have one very important page set up so that the user has to log in with the same set of credentials twice. the first time it appears that it didn't work. I tell the users (only a handful of people) they have to do it twice. I figure anyone hacking in will never try the same set teice. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298252 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
