1 Reply Latest reply on Sep 18, 2002 10:32 AM by jwkaltz

    prevent attack by counting unsuccessful login and freeze use

    superchipchipchip

      Hello All

      Would anyone give me some idea on how to count unsuccessful login or retries? i would like to freeze the user account or disable connection from a specific IP if the unsuccessful counts is higher than a given value. Any interceptor to do that?

      Any suggestions will really be appreciated.

      Chris

        • 1. Re: prevent attack by counting unsuccessful login and freeze
          jwkaltz

          One way would be to track unsuccessful logins in your user information. For example if your users are stored in an SQL database, add a column "unsuccessful logins".
          You would need to write your own custom login module for that though. Yet that's probably easier than writing your own security interceptor.

          Disclaimer: just my view ... will implement precisely that soon for my LDAP users