Re: best way to limit # of attempts to login to protected page?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 35437
interpreted = N
texte = I pass the counter value as a formvariable, i.e., when I check for the username and password, and if it is wrong, I redirect them to the login page via auto form submit. I think the formvariable overrides the value passed through the URL, I'm not sure, you have a good point there, I will have to go back and do a test on that,anup> but then how do you keep people from simply coming in via a manipulated URL w/formvars > set the way they want them - and thus getting around that kind of guard? > > Anup Setty wrote: > > > The way I do it is, pass a variable(counter) and each time increment it, > > when it > > gets to a certain value, then you know what to do... > > > > > > From: John Butler > > Subject: best way to limit # of attempts to login to protected page? > > > > > If I want to restrict the number of times someone can attempt to login > > > to a protected page, what is the best way? > > > > > > ...update a db field (with an incrementally counting number: +1 for > > > every attempt) in a record whose key field is their IPADDRESS? And when > > > it hits the threshhold # then disallow that IP from trying again? Then > > > use a trigger to delete records older than (24) hours... > > > > > > ? > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://search.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: best way to limit # of attempts to login to protected page? (Anup Setty 2000)
  2. Re: best way to limit # of attempts to login to protected page? (John Butler 2000)
  3. Re: best way to limit # of attempts to login to protected page? (Anup Setty 2000)
  4. Re: best way to limit # of attempts to login to protected page? (John Butler 2000)
  5. Re: best way to limit # of attempts to login to protected page? (Anup Setty 2000)
  6. Re: best way to limit # of attempts to login to protected page? (James Howarth 2000)
  7. best way to limit # of attempts to login to protected page? (John Butler 2000)
I pass the counter value as a formvariable, i.e., when I check for the username and password, and if it is wrong, I redirect them to the login page via auto form submit. I think the formvariable overrides the value passed through the URL, I'm not sure, you have a good point there, I will have to go back and do a test on that,anup> but then how do you keep people from simply coming in via a manipulated URL w/formvars > set the way they want them - and thus getting around that kind of guard? > > Anup Setty wrote: > > > The way I do it is, pass a variable(counter) and each time increment it, > > when it > > gets to a certain value, then you know what to do... > > > > > > From: John Butler > > Subject: best way to limit # of attempts to login to protected page? > > > > > If I want to restrict the number of times someone can attempt to login > > > to a protected page, what is the best way? > > > > > > ...update a db field (with an incrementally counting number: +1 for > > > every attempt) in a record whose key field is their IPADDRESS? And when > > > it hits the threshhold # then disallow that IP from trying again? Then > > > use a trigger to delete records older than (24) hours... > > > > > > ? > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://search.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Anup Setty

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WC2b15 - [HTMLx]...[/HTMLx] problems SOLVED! (1997) Email encryption (1998) possible, WebCat2.0 and checkboxes-restated (1997) & in grep (2003) RE: 2.01 upgrade problems (1997) Deleting Orders (1997) counting characters and/or words (1997) [WebDNA] Build Name for 6.1 (2008) Fileinfo... (2000) Running _every_ page through WebCat ? (1997) ShowIf & HideIf Question? (1998) Country & Ship-to address & other fields ? (1997) [WriteFile] problems (1997) Rendering out a page (1997) Security Issues and WebCommerce Solution (1997) Sample Email Catalog Order? (1998) Weird Syntax (2002) Include a big block of text (1997) SQL Error 22003 : Found the workaround (2001) Enterprise Server (1998)