I would like to know what do you suggest to implement a limit for
failed login attempts.
I thought that might be a good idea, to define a session variable
called ( failedattempts ), then check and if $failedattempts is
greater than, suppose, 4 write to a Database ( ip, username and
last-time-attempt ). If ater that, the user/bot tries again to login
unsuccessfully, then the system should ban that user & ip combination.
Some questions about this situation:
- Do you think that is a good idea to use sleep() ?.
- How should I send a 503 HTTP error to the user after 5 attempts ?
- Is this a good idea to do all this work for this security purpose ?
- Do you know/suggest a better way to solve this?
Thanks in advance,
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php