Thomas Bley wrote: > Hello, > > I propose two things: > - bind the session to the remote ip address and the user agent > - restrict a login from a remote ip address if there are more than 5 bad > logins within the last 2 hours > > What do you think ?
An alternative approach is to double a "sleep" for each time a login fails. I'm not sure how good an idea having a webserver sleep is, tho. As someone who routinely forgets his passwords, I have to say that I'd like a little more forgiving a way to do this :) --Peter _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
