posted 20 years ago
Hi all,
I hope this is the right forum. I'm adding a login feature to an existing web application where a user logs in X many times with the wrong password, that person gets locked out.
I have a couple of ideas but wanted to double check if there already exists a defined process that every web app follows.
1)
I was thinking of keeping track of the user login attempts in the database and each time the user tries to login with incorrect password. After so many tries, it locks the user out.
2)
I was also thinking of keeping track of the number login in attempts in a text file. The login jsp/servlet file can query this file to see how many times this user as attempted to login.
So, What do you guys think?
Can anyone recommend some resources for me to read?
Thanks,
--------------------
Geoffrey Lo