Jay,
Thanks for the thoughts! I know the security enhancements in place now are much stronger than they were concerning IP, etc, but for those who are not knowledgable what their IP range is from their DHCP server ISP, I can see where it might not help much. Actually I prefer the last suggestion you made. Create a formal backdoor for account login. As part of the administration tools, someone can optionally define a backdoor login string and backdoor password. As long as the backdoow login string is users unique, it's tied to the account number, and it's done. The backdoor would only be known to the owner of the account, and if denial of service occurred on the account number, it could be simply be bypassed through the back door, even if the account number was being frozen. Works for me! Does not even sound all that hard to generate software for it, either. Thanks, Chuck "Jay W." wrote: > hi chuck, > > if it became a problem, there are a couple of angles that > could be used including what you mention. another idea would > be to let users define an IP (or range) that logins to > their account must come from, ignoring the rest. > > possibly also let each account holder configure their own > lockout protection parameters - # incorrect attempts til lockout, > # minutes locked out, # incorrect attempts allowed after that til > relockout. "real men" with the most random and lengthy of > passphrases would just disable lockout protection on their accounts. > > another line of thought is to login via an identifier other than > account number (so that bad guy can't pick out your particular > account to hit). > > jay w. > [EMAIL PROTECTED] --- You are currently subscribed to e-gold-tech as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
