Auto-lock out module after 3-5 unsuccessful logins

Hi, I would like to create an auto-lock out module where users are
unable to continue login attempts after 3-5 unsuccessful logins. In
addition, the user accounts are automatically suspended after
stipulated unsuccessful logins.
Is there any sample coding in ASP or Javascript for me to refer to??
Thanks a lot!!!
Jul 22 '05 #1
tchangmian wrote on 13 dec 2004 in microsoft.public.inetserver.asp.general:
> Hi, I would like to create an auto-lock out module where users are
> unable to continue login attempts after 3-5 unsuccessful logins. In
> addition, the user accounts are automatically suspended after
> stipulated unsuccessful logins.


First think, hangmian!

How can you determine the account user of an unsuccessful login ??

The best you can do is allowing a maximum login count per ASP-session, [and
denying access to people without session cookies enabled, so without a
session]

Setting a deny cookie on the client is a nice but defeatable action.

Denying IP-addresses is NOT an option, IMHO.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)
Jul 22 '05 #2
Here is the gist of a simplistic mechanism we did for a client. It may or
may not be sufficient for your situation:

'------ before authenticating user ------

'attempts are stored in Application variables, keyed by login id
nTry = Application(strLoginID)
If Not IsNumeric(nTry) Then
    nTry = 1
Else
    nTry = nTry + 1
End If

If nTry > 3 Then
    'too many attempts: send the user to the "account locked" page
    Response.Redirect "../html/mp_acctlocked.html"
Else

    '------ code to authenticate user goes here ------

End If

If AuthenticateUser = 0 Then
    Application.Contents.Remove(strLoginID) 'successful, clear the try count
Else
    Application(strLoginID) = nTry 'failed, update try count
End If

You also need admin functions to unlock users.

A more robust mechanism would store the try count in a database along with a
timestamp so that locked accounts could be released automatically if
desired.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
Jul 22 '05 #3
Mark Schupp wrote on 13 dec 2004 in microsoft.public.inetserver.asp.general:
> If AuthenticateUser = 0 Then
>     Application.Contents.Remove(strLoginID) 'successful
> Else
>     Application(strLoginID) = nTry 'failed, update try count
> End If


So if I knew another's username,
I could lock him out till doomsday or till server reset,
willingly or by accident?
So if I stumbled on another application variable's name,
unconnected to authentication, like a users-online counter,
I could change the content to 1, 2 or 3,
willingly or by accident?
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)
Jul 22 '05 #4
I didn't say it was perfect. I said it met the client's requirements. That
requirement (and probably the requirement that the OP has) was from an IT
department's security review and was non-negotiable. The potential that a
user could be locked out had to be accepted as the cost of limiting repeated
login attempts.

In that particular application all application variables had prefixes to
their names which would likely prevent collision with login IDs. So in that
case the "quick fix" using application variables was deemed acceptable. A
much better solution (and the one we will use should we include the feature
in the standard application) is to keep track of login attempts in the
database.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
Jul 22 '05 #5
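
Added example, not part of any post in this thread: a JavaScript sketch of the variant Mark Schupp describes in #3 and #5, where the try count is kept per login ID together with timestamps so that a lock releases automatically. The Map stands in for a database table; the LoginThrottle class, the checkPassword callback and the 15-minute window and lock period are assumptions.

```javascript
// Added example: per-login-ID failure tracking with timestamps.
// The Map stands in for a database table; the limits below are assumed values.
const MAX_FAILURES = 3;                    // lower bound of the "3-5" asked for
const FAILURE_WINDOW_MS = 15 * 60 * 1000;  // failures older than this are forgotten
const LOCK_MS = 15 * 60 * 1000;            // lock releases itself after this long

class LoginThrottle {
  constructor(store = new Map()) {
    this.store = store; // dedicated store: cannot collide with unrelated variables
  }

  // Normalise so "Alice " and "alice" share one record.
  key(loginId) {
    return String(loginId).trim().toLowerCase();
  }

  isLocked(loginId, now = Date.now()) {
    const rec = this.store.get(this.key(loginId));
    return Boolean(rec && rec.lockedUntil > now);
  }

  recordFailure(loginId, now) {
    const k = this.key(loginId);
    let rec = this.store.get(k);
    // Start a fresh record if the window has passed or an earlier lock has expired.
    const stale = rec && (now - rec.firstFailure > FAILURE_WINDOW_MS ||
                          (rec.lockedUntil > 0 && rec.lockedUntil <= now));
    if (!rec || stale) rec = { failures: 0, firstFailure: now, lockedUntil: 0 };
    rec.failures += 1;
    if (rec.failures >= MAX_FAILURES) rec.lockedUntil = now + LOCK_MS;
    this.store.set(k, rec);
    return rec.failures;
  }

  // checkPassword(loginId, password) is a hypothetical callback returning true/false.
  attempt(loginId, password, checkPassword, now = Date.now()) {
    if (this.isLocked(loginId, now)) return "locked"; // refuse before checking
    if (checkPassword(loginId, password)) {
      this.store.delete(this.key(loginId));           // success clears the count
      return "ok";
    }
    this.recordFailure(loginId, now);
    return "failed";
  }
}
```

A locked login ID refuses even the correct password until the lock period ends, so the lockout raised in #4 lasts at most LOCK_MS rather than until a server reset.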
