2013-03-17, 00:35:06
Alternative is to lockout and send reset email with timed token link.
I am against time throttles, as it can allow dos attacks to ties up many threads on your web server.
We can implement host blocking but any hacker worth their salt will be using a proxy anonymizer.
I am against time throttles, as it can allow dos attacks to ties up many threads on your web server.
We can implement host blocking but any hacker worth their salt will be using a proxy anonymizer.