On 8/24/01 4:46 AM, Terry Allen at [EMAIL PROTECTED] wrote:
> I actually see this as a good way to identify login attempts to an
> account using an invalid password. Earlier this year, I had a client using
> my server with some very important corporate data they wanted kept secure
> by email (hence use the Mac based server as it's nice & secure) Someone
> attempted to access the account using quite a number of different password
> attempts, all from the same IP address. As a result of this, I was able to
> do a lookup & provide the client with the network (actually within their
> organisation) & the person was suspended. This, I think is a very useful
> feature.
I don't think anyone is objecting to the logging of invalid login attempts.
The objection (and rightly so in my opinion) is to including the correct
password with the logged attempt in the cases where the username and
password was correct but the login failed for other reasons.
-- Larry Stone
[EMAIL PROTECTED]
http://www.stonejongleux.com/
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
