Hi guys, I would like to know what do you suggest to implement a limit for failed login attempts.
I thought that might be a good idea, to define a session variable called ( failedattempts ), then check and if $failedattempts is greater than, suppose, 4 write to a Database ( ip, username and last-time-attempt ). If ater that, the user/bot tries again to login unsuccessfully, then the system should ban that user & ip combination. Some questions about this situation: - Do you think that is a good idea to use sleep() ?. - How should I send a 503 HTTP error to the user after 5 attempts ? - Is this a good idea to do all this work for this security purpose ? - Do you know/suggest a better way to solve this? Thanks in advance, Juan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
