(RADIATOR) Disabling accounts after too many failed login attempts
Roy Badami
roy.badami at globalgraphics.com
Mon Feb 28 10:51:00 CST 2005
>>>>> "Frank" == Frank Danielson <fdanielson at csky.com> writes:
Frank> I'd be tempted to use AuthLogSQL to log bad access attempts
Frank> with the username, fail flag, and timestamp. Then you could
Frank> use an AuthBySQL as the first authorization clause to check
Frank> for x number of failed logins in the last y seconds.
Ah, thanks. I was looking for somewhere to execute an SQL statement
after authentication failure... Didn't think of using AuthLog...
Frank> Of course you'll need to run a batch job every so often to
Frank> trim entries in the table that are more than y seconds old
Frank> to keep it at a manageable size.
Actually, I'll just do an UPDATE in authlog to increment the user's
failure count.
Thanks,
-roy
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
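The two approaches discussed in this thread (counting logged failures inside a time window, and incrementing a per-user failure count with an UPDATE), as an added sketch that is not part of the original post and is not Radiator configuration. It uses Python's sqlite3; the table names, function names and the values chosen for x and y are assumptions.

```python
import sqlite3

MAX_FAILURES = 3      # "x" in the thread; this value is an assumption
WINDOW_SECONDS = 300  # "y" in the thread; this value is an assumption

def open_db():
    db = sqlite3.connect(":memory:")
    # Hypothetical tables: one row per failed attempt, and one counter per user.
    db.execute("CREATE TABLE authfail (username TEXT, ts INTEGER)")
    db.execute("CREATE TABLE failcount (username TEXT PRIMARY KEY,"
               " failures INTEGER NOT NULL DEFAULT 0)")
    return db

def record_failure(db, user, now):
    db.execute("INSERT INTO authfail VALUES (?, ?)", (user, now))
    # A bare UPDATE changes nothing for a user with no row yet, so create it first.
    db.execute("INSERT OR IGNORE INTO failcount (username) VALUES (?)", (user,))
    db.execute("UPDATE failcount SET failures = failures + 1 WHERE username = ?",
               (user,))

def record_success(db, user):
    # The counter has no notion of time: it only drops when something resets it.
    db.execute("UPDATE failcount SET failures = 0 WHERE username = ?", (user,))

def locked_by_window(db, user, now):
    (n,) = db.execute(
        "SELECT COUNT(*) FROM authfail WHERE username = ? AND ts > ?",
        (user, now - WINDOW_SECONDS)).fetchone()
    return n >= MAX_FAILURES

def locked_by_counter(db, user):
    row = db.execute("SELECT failures FROM failcount WHERE username = ?",
                     (user,)).fetchone()
    return row is not None and row[0] >= MAX_FAILURES

def trim(db, now):
    # The batch job from the thread: drop rows that fell out of the window.
    return db.execute("DELETE FROM authfail WHERE ts <= ?",
                      (now - WINDOW_SECONDS,)).rowcount

if __name__ == "__main__":
    db = open_db()
    for t in (1000, 1010, 1020):          # constructed sample failures
        record_failure(db, "alice", t)
    print(locked_by_window(db, "alice", 1030), locked_by_counter(db, "alice"))
    print(locked_by_window(db, "alice", 1400), locked_by_counter(db, "alice"))
```

The window check unlocks on its own once the failures age out, while the counter stays at the threshold until something like record_success resets it.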