I agree with the solution proposed by Andrew Scott. Record the date/time of the last FAILED login and don't allow another attempt with that username for 30 minutes after that recorded time.
We use a similar concept - except for getting a "certficate" for a period of time (after that revalidation is required). I have also used a similar mechanism for a separate authentication system via a web-service. Dont rely on anything to do with the client's environment - it is too easy to circumvent. Regards, Gary Menzel On Mon, 17 Jan 2005 13:41:34 +1100, Andrew Scott <[EMAIL PROTECTED]> wrote: > Now when the failed attempt is 3 and they successfully log into the system > then you check the date they last logged into the system if it was less than > 30 mins then ban them, if it is more than 30 mins then you can reset this > login date to the current time. --- You are currently subscribed to cfaussie as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
