Hi guys,
I would like to know what do you suggest to implement a limit for
failed login attempts.

I thought that might be a good idea, to define a session variable
called ( failedattempts ), then check and if $failedattempts is
greater than, suppose, 4 write to a Database ( ip, username and
last-time-attempt ). If ater that, the user/bot tries again to login
unsuccessfully, then the system should ban that user & ip combination.

Some questions about this situation:

- Do you think that is a good idea to use sleep() ?.
- How should I send a 503 HTTP error to the user after 5 attempts ?
- Is this a good idea to do all this work for this security purpose ?
- Do you know/suggest a better way to solve this?

Thanks in advance,

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to