PerlMonks
For several reasons, this is not a good solution to the problem:
First off, you penalize any valid users that want to log in for the first time. Secondly, any attacker can just start up a bunch of requests at the same time (let's say 10 requests) and still get way more attempts per second. Try to stop that and you'll create a situation where your security system will probably become more convoluted and difficult to test (thus probably still not working correctly). Anyways, I'd go for matsmats++ solution, or go for full client SSL certificates if you can afford the trouble and money.
In reply to Re: Re: •Re: Password hacker killer
by Joost