One suggestion might be to modify JDBCRealm so that on unsuccessful
login it updates a database field (like NUM_BAD_LOGINS) to one more than it
is. Then when the magic number is triggered, you don't allow them to login
even with the correct password. When the administrator resets the
Why not implement a unix-style login which gets slower after every duff
attempt?
-Original Message-
From: Randy Layman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 07, 2001 1:10 PM
To: [EMAIL PROTECTED]
Subject: RE: Form-Based Auth and tracking Login Attempts
One