httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary W. Smith" <g...@primeexalia.com>
Subject RE: [users@httpd] Modules to combay Password Trading
Date Sat, 12 Feb 2005 23:16:24 GMT
>From a development standpoint you can just create a script that will
parse the log file and compare the number of IP's that user that user
account during a given period and if they go beyond a threshold then
lock the account or reset the password.

A commercial equities firm that I work for does something similar to
this on one of their web sites.  In our case we find that one user might
log in from two or three different IP's in one day but when we see
something like 20 then we lock them out and wait for them to call.


>   I know there are many commercial alternatives out there to prevent
the
> use of stolen passwords or to stop password trading, and they all work
> well, but I was curious as to if there were any opensource Apache
> modules that perhaps would do just as good of a job, if not better.
> 
> I did not see anything on modules.apache.org.
> 
> If anyone has any experience in this realm, I would surely appreciate
> your input.
> 
> Thanks
> -dant
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message