How so? Please elaborate.
Our web application sits entirely Tomcat land and it's accessible only
via Apache, but Apache is only acting basically as the redirector - it
knows nothing of what's going on, it just rewrites/relays requests and
serves up responses.
-adam
Joe Germuska wrote:
On 3/9/07, Adam Gordon <[EMAIL PROTECTED]> wrote:
Our login page performs a POST to authenticate and I'd like to put in
a
delay when a login failure occurs so that it hinders/frustrates any
malicious users and any scripts they might be running. I realize this
isn't a foolproof solution but since the user isn't authenticated yet,
I
don't have a ton of options. One other thing we'll probably be doing
is
session validation/invalidation.
I would think that the kind of throttling you're talking about is
something
you're better off doing with Apache than trying to do in your
application
code.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]