dirk at haun-online.de
Sat Jan 17 08:14:07 EST 2004
>Another tangent: In the future, if we kept track of how many failed
>login attempts since last succesfull login, we could do some pretty cool
>stuff (like lock and possibly send email to the affected person and
>admin that a login has failed three times on an account).
Good point. Actually, we probably shouldn't start logging failed login
attempts until they've exceeded a certain number (say, 3) - everyone
mistypes their password once in a while ...
Blocking an account after a certain amount of failed login attempts just
calls for misuse, but sending an email (to the user at least) sounds like
a good idea.
More information about the geeklog-devel