Quote:
Originally Posted by mafia_man
Because IP addresses don't change do they 
You're better logging the country of origin using GeoIP. Possibly hashing the user agent, although this isn't good either.
Use a captcha, yes there are farms etc. but it costs money to get people to fill them out.
Force password reset via email on 5 failed attempts.
This isn't rocket science and isn't worth $150. |
Think mafia man - you just pointed out that the last guy who thought it was easy is actually
clueless. But then you think YOU have the easy and secure solution ...
5 failed attempts, you say? Never heard of a proxy list? Seriously there's a reason Strongbox
has over 7,000 lines of code - because all of the 5 minute "solutions" are as worthless as
you showed the IP-cookie to be.
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids