PerlMonks
(Yes, a very excellent response, Haj ... thanks for sharing.)

Another strategy that I have used with good success is to fairly quickly kick users who have had too many unsuccessful login attempts over to an alternative login-screen – same URL, different content – which requires a "captcha." (Although Mother Google is probably the easiest source of captchas, I doubt it really matters much.) It’s fine to add some text explaining to the human user why you are doing this ... robots will never read it anyway. Of course, thanks to CPAN, the actual implementation requires no thought.

Having forced them over to this alternative login screen, I would make them successfully complete it two or three times before relenting and letting them go back to the old way.

I frankly think that this will ultimately be more effective, and considerably easier to implement, than the strategy you are now contemplating. (I generally think of these to be better reserved for denial-of-service attacks.)

I would also counsel making "captchas" a mandatory feature of your "sign up for an account" screens, if you allow arbitrary users to do so. I have about 9,000(!) "junk" user-ids dating from before I did this. (How they all managed to respond to the mandatory account-validation emails, I have no idea ...)

In reply to Re: RFC / Audit: Mojo Login Example
by sundialsvc4
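
The escalation described in the post above, sketched as an added example in core Perl; it is not code from the post or from the Mojo login example under review. The thresholds, the function names `login_mode` and `record_attempt`, the in-memory `%state` hash, and the choice to restart the count after a failed captcha-mode attempt are all assumptions, and the captcha result is expected from whatever verifier the application already uses.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Assumed thresholds; the post only says "too many" and "two or three".
use constant MAX_FAILURES      => 3;  # failed logins before the captcha form appears
use constant CAPTCHA_SUCCESSES => 2;  # captcha-backed logins required before relenting

# username => { failures => n, captcha_left => n }
# In-memory for illustration; a real application needs a shared, expiring store.
my %state;

# Which form to render at the login URL for this user: 'plain' or 'captcha'.
sub login_mode {
    my ($user) = @_;
    my $s = $state{$user} or return 'plain';
    return $s->{captcha_left} > 0 ? 'captcha' : 'plain';
}

# Record one attempt. $password_ok and $captcha_ok are booleans supplied by the
# application's own password check and captcha verifier (both assumed here).
# Returns true only when the login should be accepted.
sub record_attempt {
    my ($user, $password_ok, $captcha_ok) = @_;
    my $s = $state{$user} //= { failures => 0, captcha_left => 0 };

    if ($s->{captcha_left} > 0) {
        # Captcha mode: a correct password without a solved captcha is rejected.
        if ($password_ok && $captcha_ok) {
            $s->{captcha_left}--;
            $s->{failures} = 0 if !$s->{captcha_left};   # back to the plain form
            return 1;
        }
        $s->{captcha_left} = CAPTCHA_SUCCESSES;          # any failure restarts the count
        return 0;
    }
    if ($password_ok) { $s->{failures} = 0; return 1; }
    $s->{captcha_left} = CAPTCHA_SUCCESSES if ++$s->{failures} >= MAX_FAILURES;
    return 0;
}

# Constructed attempt sequence for one account: [password_ok, captcha_ok].
for my $try ([0,0], [0,0], [0,0], [1,0], [1,1], [1,1], [1,0]) {
    my $mode = login_mode('alice');
    my $ok   = record_attempt('alice', @$try);
    printf "%-7s form -> %s\n", $mode, $ok ? 'accepted' : 'rejected';
}
```

Because the state is keyed on the submitted username, entries are created for names that do not exist; cap or expire them so the table cannot be grown without bound.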