Login Security

Results 1 to 2 of 2

Thread: Login Security

  1. #1
    Join Date
    Dec 1969

    Default Login Security

    I would like to have extra security with a login procedure.<BR>I want the ASP application to refuse login attempts for 10 minutes if a user provides an invalid password for 3 times. <BR><BR>I was thinking of using application variables along with a timestamp and the user name. However, if another user would provide a wrong password for one time, the banned user would get unbanned because the variable containing the username would get overwritten.<BR><BR>Any ideas how to tackle this problem?

  2. #2
    Join Date
    Dec 1969

    Default RE: Login Security

    Option 1:<BR>after three bad logins, <BR><BR>session.contents("disabled") = 1<BR><BR>before letting the user try to login, verify that session.contents("disabled") &#060;&#062; 1.<BR><BR><BR>This will stop working once the user has closed his browser or if the user doesn&#039;t have cookies enabled.<BR><BR>Option 2:<BR>Store the user&#039;s IP in your application variables, along with the timestamp.<BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts