> Paul L. Allen wrote:
> >Tom Collins writes:
> >>What if the system tracked it by IP, and after three failures locked
> >>out connections from that IP for 10 minutes?
> He meant log it on an account AND ip basis.
Perhaps he did, but "locked out CONNECTIONS from that IP for 10 minutes"
reads differently to me. If Tom had meant what you said, then I would
have expected something like "locked out authentication attempts from
that username/IP pair for 10 minutes."