Account lockout in mod auth db

Forum Moderators: phranque

Message Too Old, No Replies

Account lockout in mod auth db

andrewg 1976

12:32 am on Oct 2, 2007 (gmt 0)

Hi,

Does mod_auth_db or any of the mod_auth modules have an account lockout feature? I've setup mod_auth_db and it works well, only it seems to allow unlimited login attempts (after 3 attempts it throws to an error page but I can go back and try again and again).

If not mod_auth are there any other options to include username and password authentication as well as account lockout with Apache 2.0.55 that's as simple as mod_auth?

Thanks,
Andrew

jdMorgan

2:15 pm on Oct 2, 2007 (gmt 0)

In order to limit login attempts, you'll need a login script; None of Apache's functions involve user-state tracking, since HTTP is a stateless protocol. That is, within the server itself, no current HTTP request depends in any way on any previous request.

This is one reason that cookies were invented -- to store client state information. However, since in this case you don't implicitly trust the client, a simple client-side state mechanism is unacceptable, and you'll need to do most of the work on the server side.

Jim

andrewg 1976

4:52 am on Oct 3, 2007 (gmt 0)

Thanks. This is what I suspected.