You would need to track the users' IP and their session ID, although both are easily duped.
Locking a user out after 3 attempts is practical, but it will not stop an experienced user.
Locking out a Username is a good practice, but how would you allow the REAL user access if simultaneously his account is being locked out by a spammer?
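
The trade-off raised above, as an added example that is not part of the original post: the same 3-failure limit is replayed over constructed login traffic, once keyed on the username alone and once keyed on username plus source IP. `LoginThrottle`, `replay`, `attempt`, the password and the documentation-range addresses are all assumptions made for the illustration.

```python
from collections import defaultdict

MAX_FAILURES = 3  # the threshold mentioned in the post


class LoginThrottle:
    """Counts failed logins under a chosen key and refuses once the limit is hit."""

    def __init__(self, key_fields):
        self.key_fields = key_fields  # ("username",) or ("username", "ip")
        self.failures = defaultdict(int)

    def try_login(self, att, real_password):
        key = tuple(att[f] for f in self.key_fields)
        if self.failures[key] >= MAX_FAILURES:
            return "locked"  # refused before the password is even checked
        if att["password"] == real_password:
            self.failures.pop(key, None)  # success clears the counter
            return "ok"
        self.failures[key] += 1
        return "failed"


def attempt(ip, password, username="alice"):
    return {"username": username, "ip": ip, "password": password}


def replay(key_fields, attempts, real_password="correct-horse"):
    """Feed a list of attempts through a fresh throttle and return each outcome."""
    throttle = LoginThrottle(key_fields)
    return [throttle.try_login(a, real_password) for a in attempts]


# Constructed traffic: three bad guesses from one source, then the real
# user arriving from a different source with the right password.
LOCKOUT_OF_REAL_USER = [attempt("203.0.113.5", f"guess{i}") for i in range(3)]
LOCKOUT_OF_REAL_USER.append(attempt("198.51.100.7", "correct-horse"))

# Constructed traffic: the same guesser with a different source on every request.
CHANGING_SOURCE = [attempt(f"203.0.113.{i}", f"guess{i}") for i in range(6)]

if __name__ == "__main__":
    for label, traffic in (("real user vs. guesser", LOCKOUT_OF_REAL_USER),
                           ("changing source", CHANGING_SOURCE)):
        for fields in (("username",), ("username", "ip")):
            print(f"{label:22} key={fields}: {replay(fields, traffic)}")
```

Keyed on username, the real user is refused despite the correct password; keyed on username plus IP, the real user gets in but the limit never triggers for a guesser whose source keeps changing.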