From: "Serge Knystautas" <[EMAIL PROTECTED]> > What about a counter to check how > frequently a password has been guessed (some time limit) or maybe some > throttling so a single IP address can't make too many guesses for > whatever accounts it tries to get to? If you at least set it to lock > the account for 5 minutes after a few rapid failed attempts, you'll > greatly slow down the ability of a dictionary attack.
This seems like a really good idea. I think security related auditing is really important. A hook to specify reaction(s) to the breakin attempt would be very nice. MS and other systems usu. have hooks to temprorily disable an account if there are n(say 3) login failures. Harmeet -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
