On 3/9/07, Adam Gordon <[EMAIL PROTECTED]> wrote:
Our login page performs a POST to authenticate and I'd like to put in a delay when a login failure occurs so that it hinders/frustrates any malicious users and any scripts they might be running. I realize this isn't a foolproof solution but since the user isn't authenticated yet, I don't have a ton of options. One other thing we'll probably be doing is session validation/invalidation.
I would think that the kind of throttling you're talking about is something you're better off doing with Apache than trying to do in your application code.

--
Joe Germuska
[EMAIL PROTECTED] * http://blog.germuska.com

"The truth is that we learned from João forever to be out of tune."
-- Caetano Veloso