[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Locking of principales due to unsuccessfull attempts

On Wed, 8 Jun 2005, Andreas Haupt wrote:
|> Have I been missing something  or is  it just not there?
|You didn't miss anything. It's really not there ...
|> If it isn't there jet, is it planed to introduce such a function?
|Well, years ago, I asked the same question. That time I was told that the
|current database model does not support account locking (but Love and
|Johan will probably know better...).
|All I can say is that you can live without it.
I know , years ago we run the ka w/o it too.

|People offending against
|the password policy can be trapped by observing log files, too.

Well thats true in terms of password policy violation even it is not a in
time detection.

It is less true in terms of half-spied passwords.
If one tries to guess the rest of the password it would take
(much) more time or it tends to come to victims  attention.

Also I hate to bother my customers habit

On the other hand I know to explore my site to a dos-attack.

Maybe all in all You are right. - I'd wish to have it anyway -

|| Andreas Haupt                      | E-Mail:  andreas.haupt@desy.de
||  DESY Zeuthen                      | WWW:     http://www.desy.de/~ahaupt
||  Platanenallee 6                   | Phone:   +49/33762/7-7359
||  D-15738 Zeuthen                   | Fax:     +49/33762/7-7216

Fuer Rueckfragen stehe ich Ihnen gerne zur Verfuegung, beforzuge jedoch
telefonisdche Kontacktaufnahme ( 3949 oder +49 (0)179 6954907 ). Danke.

Hochachtungsvoll und mit freundlichen Gruessen   M.Feiler

  Mit Computerviren verhaelt es sich so, wie mit verschiedenen
  Geschlechtskrankheiten:  Meist HOLT man sie sich wenn man
  zu leichtsinnig zu ugeschuetzt  verkehrt.

PGP public key &  Homepage   :  http://www.uni-hohenheim.de/~feiler